Overview

overview

10

Static

static

Scan_DSV 0...DF.exe

windows7_x64

10

Scan_DSV 0...DF.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9ac5dab94f488da04edfba6206d21012883f423037adfebf7e475571cee5b84d

  • Size

    1.0MB

  • Sample

    220521-bq6tvsccg3

  • MD5

    0b383de819247c3d13d4dcddf915c235

  • SHA1

    8d689036a918199960eb5d23a2c63a8c0088b355

  • SHA256

    9ac5dab94f488da04edfba6206d21012883f423037adfebf7e475571cee5b84d

  • SHA512

    8debafda2c45e45b8868ba4c7ef0e468a5e77b4dfaf8ff2d42dfb8602e1ddbbb9659310b6702dd3ee8fbc7df9ef3068e0b7240ccfc331d12d78891854efd01b6

Score
10/10
massloggercollectionransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 4:05:32 AM MassLogger Started: 5/21/2022 4:05:21 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Scan_DSV 01072020_100284001972_PDF.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.ru
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    whayasaynewnew

Targets

    • Target

      Scan_DSV 01072020_100284001972_PDF.exe

    • Size

      970KB

    • MD5

      40b83c8155808ea18beef168bea47055

    • SHA1

      0dc6101d19d2c4a922db993be442b01200cba87e

    • SHA256

      a39ea4510d732392bba8682a020321dc7dfa259387244117cc90e072fea20c82

    • SHA512

      850542f39ebfa38158d210e360f6f378753a16045b399a7f40c39fecac99d75b46757803b1e0064e1877b377599def977ff921378da5f4526f050770d579226e

    Score
    10/10
    massloggercollectionransomwarespywarestealer

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger Main Payload

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks