masslogger

General

Target

8c689dedf337057280913d9a8dfc9c10c297e2dc9669a1e19e2c8cbf99cd5ed9
Size

747KB
Sample

220521-af2lqadafj
MD5

99728a572c625ddf3d1227b7f857ea03
SHA1

1b6fdee9577d7fb5c5adc0bf4b4032281d824d48
SHA256

8c689dedf337057280913d9a8dfc9c10c297e2dc9669a1e19e2c8cbf99cd5ed9
SHA512

7d93e7072209ae7e21c2d068d45939920285fa1b7096b82ced66ee366f182db300813466e31f879c8799ff98fde89a416a61197e8d94d7f44c6a3724904e513f

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.7.1 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:20:12 AM MassLogger Started: 5/21/2022 2:20:03 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\PO31909704_1.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  PO31909704_1.exe
- Size
  
  788KB
- MD5
  
  4425e6eccd87b5f867f0e8591b869c6c
- SHA1
  
  1c84f8ae03b5c314e64caec354130c4e9adc3974
- SHA256
  
  3e57aaffcd5dfe4c6487c73f7c457865405070f276efab07164f30be4741e733
- SHA512
  
  48aee6277d3bc33c3024f6c0fb3f889970bc80725af65995be71e9a78041a917b09c0945042b0704e8a4d7ed4db85af6213fbfc9335336596026013826dc2eb7
Score

10^/10

masslogger collection ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2