masslogger

General

Target

cc9ae78b60d6b704035fb7e1d41d2bafee02b00856544ab7f4b8a64e60753144
Size

743KB
Sample

220521-bnzb1acbg5
MD5

5db335dcde340486a564cea8ffb0b952
SHA1

2238dfc07a5115d20b93f97fd1ebb70ff024f240
SHA256

cc9ae78b60d6b704035fb7e1d41d2bafee02b00856544ab7f4b8a64e60753144
SHA512

8b9f11d3716fe165e8b7f58c512ad18936e971bf0bd96ce44b55e617c2d2ea19e25333160369c5d1f74c68c7bc24b69a363034494963169b97f6fd2990688339

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:00:07 AM MassLogger Started: 5/21/2022 1:59:56 AM Interval: 5 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe As Administrator: True

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\F293CD6622\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 4:01:36 AM MassLogger Started: 5/21/2022 4:01:25 AM Interval: 5 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe As Administrator: True

Targets

- Target
  
  167647227-54134-sdfnt4-2.pdf.exe
- Size
  
  845KB
- MD5
  
  7dc2565dadc8f091295dfe0b87fb40d8
- SHA1
  
  05de206b83b43fa25e199ac07a38eae56cc97e8d
- SHA256
  
  c75eff508f62cf4acb9960a32a93e15f4037325a66b8b669649c83d08ee70730
- SHA512
  
  dd1c27d1349c55056ce1af23c0f0123aeface0188c898b0dfa9d29fb78f45280430f00b8e775f85ad1a9bcac456c244b745bb2a2522b59ddb0990ed2b571e612
Score

10^/10

masslogger ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2