masslogger

General

Target

039f4e733627c8a68c6bdf598e2e5f3887c53eee4034f0db21d6b159146aa0f7
Size

1.1MB
Sample

220521-b2n37achb8
MD5

fda9add22de60858025a3a06c8ad5ba1
SHA1

d511663f8f02f4b52fe7183b074f33d68b0f8f18
SHA256

039f4e733627c8a68c6bdf598e2e5f3887c53eee4034f0db21d6b159146aa0f7
SHA512

5c16e2a736592f8da57b863ff80aab2f1fb2a3e7a153edb81de2997b9855eefe1de6b3d4aae558c0364ec4ffc0a703e7ecf971f38e4226bf60929d38608ce2bc

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:32:17 AM MassLogger Started: 5/21/2022 2:32:05 AM Interval: 2 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe As Administrator: True

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
Dmacdavid

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\EEB932C954\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 4:31:43 AM MassLogger Started: 5/21/2022 4:31:36 AM Interval: 2 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe As Administrator: True

Targets

- Target
  
  Inquired Materials.exe
- Size
  
  2.3MB
- MD5
  
  47d3bd28eb5dd0d07bf1550987f443fd
- SHA1
  
  f25d43feefd19d187e64f4bf8bfb33589cc0c32a
- SHA256
  
  db6d686590ded24cbfc0dfb2be4cd25035d7422c4cf49e6b9bf94469d2573e7d
- SHA512
  
  76065edd59cb13198de9d7f668977089d02b4bad286f6067141acbca57a54f8da07bc48b78ee04954e5e5f0f916eb113a0eb212dc13702d5c36f27cbddffebec
Score

10^/10

masslogger agilenet collection ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

MassLogger log file

Obfuscated with Agile.Net obfuscator

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2