masslogger | 4fb747b6c79d7e978c661fd3479124e92c5be6ba644c370dd4acd633e3d5fdf7 | Triage

Submit
Reports

Overview

overview

Static

static

OOCS DI 20002876.exe

windows7_x64

OOCS DI 20002876.exe

windows10-2004_x64

Sharing

General

Target

4fb747b6c79d7e978c661fd3479124e92c5be6ba644c370dd4acd633e3d5fdf7
Size

1.5MB
Sample

220521-avgj4aagg5
MD5

88b5cae0beed5703ca2c5a4f0dc16361
SHA1

4074cb75245db5cddeb9afbcc4a411cc839d0778
SHA256

4fb747b6c79d7e978c661fd3479124e92c5be6ba644c370dd4acd633e3d5fdf7
SHA512

f882358191182333c52e20c7cafaef688c6d53410cebdded57377003f2031e2f345964528193652d20dc0933bcc3741c43ae21b6cad9a1a23fbfc0202f0f16bd

Score

10^/10

masslogger agilenet spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

OOCS DI 20002876.exe

Resource

win7-20220414-en

masslogger agilenet spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

OOCS DI 20002876.exe

Resource

win10v2004-20220414-en

masslogger spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  OOCS DI 20002876.exe
- Size
  
  1.4MB
- MD5
  
  27f8ea7f5eca57a8ad069629b50f942e
- SHA1
  
  2ac3264d1221cf22de0f38690dfb4bbdd2a694a1
- SHA256
  
  83b37e01d5d48f6a7bc0557863a4e91e84dfc8a1e721850ea265f78cbd6d275a
- SHA512
  
  e4dfd9a5aaab3713ca06a7d8808b3ff06c09c6c3fb101cab5d87af46a830a6447bfb66396c911e4ef3ae5fca96c60c25db633ec7f3ae09ccea22808df05d8e35
Score

10^/10

masslogger agilenet spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggeragilenetspywarestealer

behavioral2

massloggerspywarestealer

© 2018-2024

Terms | Privacy