General

  • Target

    4f469a543b083c08d289261d3e9c0e7c8eaebb92633b4e8153d9448bc4c7a635

  • Size

    848KB

  • Sample

    220521-bbcbpsefen

  • MD5

    a41673ad458e81708629f34e6cf52dcf

  • SHA1

    036e87bd0d4a071f632bb46018c5a7dff72e4bd8

  • SHA256

    4f469a543b083c08d289261d3e9c0e7c8eaebb92633b4e8153d9448bc4c7a635

  • SHA512

    85ea8373387c1ad6ec976f85f1c4ffa66ed86529bda37730a09a80fbb54d35a1d1bd7fdef367f6656bfd3bac8c357b80171aa25aa7ca561b2e65e3cc042348f2

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.4.0 #################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.51
Location: United States
OS: Microsoft Windows 7 Ultimate 64bit
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 1:22:39 AM
MassLogger Started: 5/21/2022 1:22:28 AM
Interval: 7 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\enquiry20j20endooooo746e66682DIF.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:

Targets

    • Target

      enquiry20j20endooooo746e66682DIF.exe

    • Size

      1.0MB

    • MD5

      f819668951d4b48df71db51d6b218299

    • SHA1

      0e1704dbb3ce830c3a1e0719b6002419e578a196

    • SHA256

      49f037f00bc0861be7b26aa3a1d51e803b5ebe558d801d470783485a58bb799a

    • SHA512

      5875bf3377e9ed0cacc04e421b3e7a7f97fe1e810d4d85408ca2a67a9f0fef8ba1e652fa6b3ab9ed04b2e9a01193d5871f4c006ea236d38fb2ba8e30fc8022c1

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks