masslogger

General

Target

30790fef99d6268954e9ed162242fd1b83e4d194a6a2c52bc4d1f7d4e8cc32eb
Size

837KB
Sample

220521-bbw14sefgn
MD5

995cfb96e7f2abd65b035ad1a616132a
SHA1

0929e203ca4956fe7201b5ffa10757503a75199b
SHA256

30790fef99d6268954e9ed162242fd1b83e4d194a6a2c52bc4d1f7d4e8cc32eb
SHA512

cc65a1d7893f2df10297f215c62d911ec5983700580c9d2b219614edd2de336069f691a3542f412ca2c98a23309e7cc066ab0fdfb7e59f61444f75aaa697ed2f

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 1:24:06 AM MassLogger Started: 5/21/2022 1:23:55 AM Interval: 9 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Attached is the new Order.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\19E979543A\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 3:25:36 AM MassLogger Started: 5/21/2022 3:25:27 AM Interval: 9 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Attached is the new Order.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  Attached is the new Order.exe
- Size
  
  888KB
- MD5
  
  cffaedf855277c8b700af88339101f60
- SHA1
  
  744fd4854ed7cc50777d09b91f3014036e4c9b94
- SHA256
  
  813fe52cdbffcab18b99e3927eefeee22211d239b62b851fa55c01b68d39962f
- SHA512
  
  7970d8bb2bb8e443e9475ed47725f8a3688f7c15a97c925c3829c2472ac22498eee738760c1f763679d08d2977eb3be398ff43f876e6507148b7fafb8cd44d8d
Score

10^/10

masslogger collection evasion ransomware rezer0 spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- Modifies visibility of file extensions in Explorer
  evasion
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2