masslogger

General

Target

3b7c9f0dcedcfc7e28204e228da8bfb05111a0621b097f4c57bea36074dfee01
Size

829KB
Sample

220521-bbmgnseffl
MD5

5070df99d9ae4f1424f6b294e8671bb0
SHA1

5be88e43b6b3d8695e7883ea9b3471b8dfb875a4
SHA256

3b7c9f0dcedcfc7e28204e228da8bfb05111a0621b097f4c57bea36074dfee01
SHA512

d05bb1237fe7408493d8b0c804f3bf385b5011491a3af187030ad0c8b8f096c2bddc8f958899ce452bda41dbd583468d1154bba0de6425e09d022570d19d38ac

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 3:23:45 AM MassLogger Started: 5/21/2022 3:23:21 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\_____ ____ ___________..exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\19E979543A\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 3:24:21 AM MassLogger Started: 5/21/2022 3:24:08 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\_____ ____ ___________..exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  ????? ???? ???????????..exe
- Size
  
  879KB
- MD5
  
  0d0cc9c2442100d75fb6e2a7f3a9a3a7
- SHA1
  
  303231ebf1f84bfc7bffa5f4ffea7f7864932bc7
- SHA256
  
  d9b75b8d542d8278b8748169b3250cdf07604dc91e9d5c5a5686727d9f58afb7
- SHA512
  
  d25fca0f3f39d8f4210a5078024e45ad830b58c9ff95c31bc35baf2f8cc7cee59e349ce41381106c27a1534beb567d475c984c28d7ccbe324c090bff54159347
Score

10^/10

masslogger collection evasion ransomware rezer0 spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- Modifies visibility of file extensions in Explorer
  evasion
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2