Overview

overview

10

Static

static

10

PO 7405591...40.exe

windows7_x64

10

PO 7405591...40.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ff49433d67b8d8ffb6c3757b20b3baf4f45399ec3560876ef4f819b0aae6c194

  • Size

    554KB

  • Sample

    220521-b7msbagden

  • MD5

    5ce17b50e448c0949b5d9fd4f511ee34

  • SHA1

    1654097ab0aed9c4adccbb9bce8bd16b596c59ad

  • SHA256

    ff49433d67b8d8ffb6c3757b20b3baf4f45399ec3560876ef4f819b0aae6c194

  • SHA512

    c2eae8a677e15b2021b327a4f9c53b3556f087b412c8f764b75ff1cdcf3ece76396af9b36a54c1556ad2179f572028b1a3bb4526682d0fb45a2d405f5bdfe54a

Score
10/10
massloggerransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.7.1 ################################################################# ### Logger Details ### User Name: Admin IP: 127.0.0.1 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 4:41:34 AM MassLogger Started: 5/21/2022 4:41:22 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\RegAsm.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

    • Target

      PO 7405591, 7756947 ,7756740.exe

    • Size

      1.2MB

    • MD5

      63831c721dddee09571fe4d9df808576

    • SHA1

      6fdd675db58fe108ec77ad19f72d05d908cbe07c

    • SHA256

      f8a4be5923387077b32e65cfea383db1576e5dd068b926a1e9833ff24e48fd64

    • SHA512

      c40638ecfab9b4de4756a29a09d68a4b896adbfedf8a43a0ebe7e09647d24a3d5e1c7bbe8fe324d090ebcf00424f59f5884cde0ac8f3974796d22a36b86da4c0

    Score
    10/10
    massloggerransomwarespywarestealer

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger Main Payload

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks