masslogger | 54cb28a794d4dd8d4296b0ca070eb2afd1154f4a8ead7aec7dc0066ec62f06a6 | Triage

Submit
Reports

Overview

overview

Static

static

x2KDOSVNRiSbYcK.exe

windows7_x64

x2KDOSVNRiSbYcK.exe

windows10-2004_x64

Sharing

General

Target

54cb28a794d4dd8d4296b0ca070eb2afd1154f4a8ead7aec7dc0066ec62f06a6
Size

788KB
Sample

220521-b14ggsfhdn
MD5

e91405d8586eac21a91df36dfafe441e
SHA1

e4b44f490152dd4df4ed829426823b8a11555da3
SHA256

54cb28a794d4dd8d4296b0ca070eb2afd1154f4a8ead7aec7dc0066ec62f06a6
SHA512

4a78297a50615e989070561e79ea9e8f2cad3e8ca5c9b2f022db35df16bbc3482cc87eb52fe3243bea38db6be45386777abeafd8e6023fd634db61ae353ab999

Score

10^/10

masslogger collection coreentity rezer0 spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

x2KDOSVNRiSbYcK.exe

Resource

win7-20220414-en

masslogger collection coreentity rezer0 spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

x2KDOSVNRiSbYcK.exe

Resource

win10v2004-20220414-en

masslogger collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
requestShow@

Targets

- Target
  
  x2KDOSVNRiSbYcK.exe
- Size
  
  871KB
- MD5
  
  23623b167a6e271b89f266cda6f4d308
- SHA1
  
  b8f5846cf059451256cf6d25f804588651a4b04b
- SHA256
  
  8a3dd3eb355760a77c7bd89e2316c7741e37f9b20435a23d144e58ba856bd7c7
- SHA512
  
  11830c8366ec005b3439c9b9bf4de62db61d44d0c296b9d91a2c3705fa2f3454abd84bc1a711f55db2926c89f6556c3751e4af292e4cfe0456038886552fe760
Score

10^/10

masslogger collection coreentity rezer0 spyware stealer
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

massloggercollectioncoreentityrezer0spywarestealer

behavioral2

massloggercollectionspywarestealer

© 2018-2024

Terms | Privacy