masslogger

General

Target

ff82b34cd9ac4182c6396daa6d38a5f6d073191882e086114edb42f05862bdc5
Size

832KB
Sample

220521-b7jewsgddr
MD5

9f15c98686a86b9c9b02fcb14d1771a7
SHA1

0721b14b5f6ad7a465fa08a9592617748e5919d4
SHA256

ff82b34cd9ac4182c6396daa6d38a5f6d073191882e086114edb42f05862bdc5
SHA512

da5c4b54cc1805e78a6a200abde92fdaf2647b1f4d39b5ce506cfc5364d860b8758adca4e4923096467f8094692bc84186aa828177e2efb1432026cb900000a2

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\8506BBE7FF\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 4:39:42 AM MassLogger Started: 5/21/2022 4:39:22 AM Interval: 96 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Credentials

Protocol: smtp
Host:
mail.larosadelmonte.com
Port:
587
Username:
[email protected]
Password:
CONL082013**

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\781F780B4E\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:39:56 AM MassLogger Started: 5/21/2022 2:39:53 AM Interval: 96 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  Order 6403 M6aOVZjZ4hixHYB.exe
- Size
  
  889KB
- MD5
  
  d837dfece70f0905fe0f8cbdedf66923
- SHA1
  
  c1a7d041d493f77971701744563e3473182319ff
- SHA256
  
  20bd64b1563fb2fc12b2ace4dd062f8057e7abab76c8a454883aa46a1c97acfd
- SHA512
  
  13f1fa148d51a0d34272eae8bd6d928975be17a4f1d124445f7c57c17156441da227c0fa2a454c844e5c0f2039dd3fb9b951c225fbffb489c7b6163481af173f
Score

10^/10

masslogger collection ransomware rezer0 spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

MassLogger log file

ReZer0 packer

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2