masslogger | 4615389657415d2ff06489dfe0e8394977fd68922796a6a1f1afbecab466d45a | Triage

Submit
Reports

Overview

overview

Static

static

RFQ TC3363...78.exe

windows7_x64

RFQ TC3363...78.exe

windows10-2004_x64

Sharing

General

Target

4615389657415d2ff06489dfe0e8394977fd68922796a6a1f1afbecab466d45a
Size

794KB
Sample

220521-b168dafhej
MD5

6e709030c711516d954763ddeb1f7abe
SHA1

8d1f4e58f782a4fb8acbf47a0d91eadc9a6ac7b1
SHA256

4615389657415d2ff06489dfe0e8394977fd68922796a6a1f1afbecab466d45a
SHA512

443fb776d2e81abd98ee70c64fd2db4ac97246ca66f47800a775596caf2303b55742592aeb48ffb897060626677fae0c334a2065bcadd27db61d3db0d0bf1c4a

Score

10^/10

masslogger collection coreentity rezer0 spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

RFQ TC3363 554 ref 5578.exe

Resource

win7-20220414-en

masslogger collection coreentity rezer0 spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ TC3363 554 ref 5578.exe

Resource

win10v2004-20220414-en

masslogger collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  RFQ TC3363 554 ref 5578.exe
- Size
  
  930KB
- MD5
  
  b420ec9b5e7102e29376ed8035492676
- SHA1
  
  e78dde3f48dbb4cff8a0a156c240ad4f25fac806
- SHA256
  
  61ab7d6bc7b5b5a3f90635ed4208d0528155a4283b1deb656e194caf198cba80
- SHA512
  
  2f7297fad8c4c06f07aeb176ef17526a5d7d1f5ec278019ce5a09fa0460db7cf69569721d4d7d25bb45efb9d8c1caca4acc3783d2317bdb02ddad84d2ce5a135
Score

10^/10

masslogger collection coreentity rezer0 spyware stealer
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggercollectioncoreentityrezer0spywarestealer

behavioral2

massloggercollectionspywarestealer

© 2018-2024

Terms | Privacy