masslogger

General

Target

ef135ff370965b368d1a590d09638e105809bfcf3696a754ce8945de0a574c37
Size

860KB
Sample

220521-bl765acbb3
MD5

788335a0391e4b1a8547bb353116205c
SHA1

1640eccea9f93d18c4db3bc061ea25ee984e3c99
SHA256

ef135ff370965b368d1a590d09638e105809bfcf3696a754ce8945de0a574c37
SHA512

13a42405f7a7a48e494eaaca303b5df188c73b3c8e29145884d3d9c31c54b069b0527bbd638bce510b9963dee3dabc6f5725dd03e220cda189e60053b3c03c47

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 1:46:32 AM MassLogger Started: 5/21/2022 1:46:21 AM Interval: 96 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\DHL SHIPPING DOCUMENT.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 3:46:44 AM MassLogger Started: 5/21/2022 3:46:41 AM Interval: 96 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\DHL SHIPPING DOCUMENT.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  DHL SHIPPING DOCUMENT.exe
- Size
  
  983KB
- MD5
  
  1e9264b9a9412d1de2a4ddf9d062f9d9
- SHA1
  
  d1d71a586ea0fdc9cf2f3e584145337c0580d7b3
- SHA256
  
  60464dbfb4a5cb7227d3afe20367adb84757365e1b9a466ef95c0c96c28b31cf
- SHA512
  
  53d2f22148b62912a23c1056e65df435ff07ec97915d359fa330ba605eff9876f8580ff6041146bf3f44f2f099262bc1ac71d365cb63337e850312f6bddfbb2f
Score

10^/10

masslogger ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MassLogger Main Payload

MassLogger log file

Checks computer location settings

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2