General

  • Target

    1c9448879ae16e5069c06cbd9555f3df748996c2ae6901a427f156d21bfe854a

  • Size

    834KB

  • Sample

    220521-bb59saegam

  • MD5

    f56905035fd9b140c07cd997cb489ee8

  • SHA1

    93f63e17179a87572ccd422aba2c9c46d9ee0cd6

  • SHA256

    1c9448879ae16e5069c06cbd9555f3df748996c2ae6901a427f156d21bfe854a

  • SHA512

    4fc005553aee378fc49f0b7b8071cdb607fe87672ac7294941af1cc41a47b2fd8509c77d2446108d30f77d7ba09addf2b88b78209093248de7dd92d1b23fb45e

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note

    #################################################################
    MassLogger v1.3.6.0
    #################################################################
    ### Logger Details ###
    User Name: Admin
    IP: 154.61.71.50
    Location: United States
    Windows OS: Microsoft Windows 7 Ultimate 64bit
    Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV
    CPU: Intel Core Processor (Broadwell)
    GPU: Standard VGA Graphics Adapter
    AV: NA
    Screen Resolution: 1280x720
    Current Time: 5/21/2022 3:26:41 AM
    MassLogger Started: 5/21/2022 3:26:25 AM
    Interval: 2 hour
    MassLogger Process: C:\Users\Admin\AppData\Local\Temp\QUOTATION 0123.exe
    MassLogger Melt: false
    MassLogger Exit after delivery: false
    As Administrator: True
    Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt

Family

masslogger

Ransom Note

    #################################################################
    MassLogger v1.3.6.0
    #################################################################
    ### Logger Details ###
    User Name: Admin
    IP: 154.61.71.50
    Location: United States
    Windows OS: Microsoft Windows 10 Pro64bit
    Windows Serial Key: W269N-WFGWX-YVC9B-4J6C9-T83GX
    CPU: Intel Core Processor (Broadwell)
    GPU: Microsoft Basic Display Adapter
    AV: NA
    Screen Resolution: 1280x720
    Current Time: 5/21/2022 3:26:23 AM
    MassLogger Started: 5/21/2022 3:26:19 AM
    Interval: 2 hour
    MassLogger Process: C:\Users\Admin\AppData\Local\Temp\QUOTATION 0123.exe
    MassLogger Melt: false
    MassLogger Exit after delivery: false
    As Administrator: True
    Processes:

Targets

    • Target

      QUOTATION 0123.exe

    • Size

      885KB

    • MD5

      39483695a751f29df877db2fca8c69d3

    • SHA1

      6bc20ff90a8ccb6bcb1cfc44722ef4601b463678

    • SHA256

      fa5b514cc6250b204d8c46ee8212b6db4e1c273904b9df51993b5dba4b07d865

    • SHA512

      b87523d2b436d0a8b488eb5a99c09a65d90cd94f238e5f32727f739e73b8d3f3225dd785be4c2d8e0c66216d38a0b375ba7b8ea5aa12344c2be9601667b0024c

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
