General

  • Target

    85216c53e9590919930a55a1040fd4a67f4ff5440f12022c736baab95284a3bb

  • Size

    809KB

  • Sample

    220521-c3zrraaafk

  • MD5

    079530e797c64050305227ec11d2058b

  • SHA1

    c0132a25187dc00c5c5f89b6ef4135f1cd0a3501

  • SHA256

    85216c53e9590919930a55a1040fd4a67f4ff5440f12022c736baab95284a3bb

  • SHA512

    0012999a7e123ffc45c848bbf76b8891c7bf267c8efd4b41e2d3d29fd07963dfb9aead7534271fa624971e89685beb3353b1b82ccfeb33195c3a10e605cbfd24

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
#################################################################
MassLogger v1.3.4.0
#################################################################

### Logger Details ###
User Name: Admin
IP: 154.61.71.50
Location: United States
OS: Microsoft Windows 7 Ultimate 64bit
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 5:58:11 AM
MassLogger Started: 5/21/2022 5:57:56 AM
Interval: 1 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\INVOICE09809000.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\0F48153F20\Log.txt

Family

masslogger

Ransom Note
#################################################################
MassLogger v1.3.4.0
#################################################################

### Logger Details ###
User Name: Admin
IP: 154.61.71.51
Location: United States
OS: Microsoft Windows 10 Pro64bit
CPU: Intel Core Processor (Broadwell)
GPU: Microsoft Basic Display Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 3:57:38 AM
MassLogger Started: 5/21/2022 3:57:35 AM
Interval: 1 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\INVOICE09809000.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:

Targets

    • Target

      INVOICE09809000.exe

    • Size

      919KB

    • MD5

      f580ef1e3aea53f11f733293d5dea0c8

    • SHA1

      31210d185fe5da5d221fe6e77ea8057a9b3d91f1

    • SHA256

      d1befdea5b845b2f44b7b2202bdf3d9e09a26fda3287581db28af324c865cdec

    • SHA512

      cc4d96d43498dbfe915fe67d9cb25308a4a08e8d3360b7649dfc800d146111597c3f852fe1d3e29b605b4e4082759d8a83ef7231e686a01e49f59b6569605150

    • CoreEntity .NET Packer

      CoreEntity is a .NET packer that embeds its payload as a Bitmap object and decrypts it at runtime.

    • MassLogger

      MassLogger is a .NET stealer that targets saved passwords in browsers, email clients and cryptocurrency wallets.

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
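
The "MassLogger log file" signature above fires on the Log.txt header that the two extracted configs show. The following parser, added here as an example and not part of the sandbox or of MassLogger, pulls typed fields out of that header and derives a few analyst notes from them. It handles both the newline-separated file as written to disk and the flattened one-line form in which a report renders it. The field names are copied from the v1.3.4.0 header on this page; the interval format, the sample log (a constructed copy of the second extracted log) and the indicator wording are assumptions of this example.

```python
"""Parse and triage a MassLogger Log.txt header (added example, not sandbox code)."""
import re
from typing import Dict, Optional

# Banner: a row of '#', "MassLogger v<version>", another row of '#'.
BANNER_RE = re.compile(r"#{10,}\s*MassLogger v(?P<version>\d+(?:\.\d+)+)\s*#{10,}")
DETAILS_MARK = "### Logger Details ###"

# Field names exactly as they appear in the v1.3.4.0 header on this report.
FIELDS = [
    "User Name", "IP", "Location", "OS", "CPU", "GPU", "AV",
    "Screen Resolution", "Current Time", "MassLogger Started", "Interval",
    "MassLogger Process", "MassLogger Melt", "MassLogger Exit after delivery",
    "As Administrator", "Processes",
]
_KEYS = "|".join(re.escape(k) for k in FIELDS)
# A value runs until the next known key (or end of text), so the same regex
# works on the newline-separated file and on the flattened one-line form.
FIELD_RE = re.compile(
    rf"(?<![A-Za-z])(?P<key>{_KEYS}):[ \t]*(?P<value>.*?)(?=\s*(?:{_KEYS}):|\Z)",
    re.DOTALL,
)
_UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


def _to_bool(value: str) -> Optional[bool]:
    return {"true": True, "false": False}.get(value.strip().lower())


def interval_seconds(value: str) -> Optional[int]:
    """'1 hour' -> 3600. Assumes the '<n> <unit>' form seen in the sample."""
    m = re.fullmatch(r"(\d+)\s*(second|minute|hour|day)s?", value.strip(), re.I)
    return int(m.group(1)) * _UNITS[m.group(2).lower()] if m else None


def parse_masslogger_log(text: str) -> Optional[Dict]:
    """Return typed fields from a MassLogger log, or None if it is not one."""
    banner = BANNER_RE.search(text)
    if banner is None or DETAILS_MARK not in text:
        return None
    fields = {m.group("key"): m.group("value").strip()
              for m in FIELD_RE.finditer(text, banner.end())}
    return {
        "version": banner.group("version"),
        "fields": fields,
        "process": fields.get("MassLogger Process"),
        "melt": _to_bool(fields.get("MassLogger Melt", "")),
        "exit_after_delivery": _to_bool(fields.get("MassLogger Exit after delivery", "")),
        "as_administrator": _to_bool(fields.get("As Administrator", "")),
        "interval_seconds": interval_seconds(fields.get("Interval", "")),
    }


def indicators(parsed: Dict) -> list:
    """Analyst-facing notes derived from the parsed header (wording is ours)."""
    notes = []
    if parsed["as_administrator"]:
        notes.append("logger ran elevated")
    if parsed["melt"]:
        notes.append("melt enabled: dropper deletes itself after staging")
    proc = (parsed["process"] or "").lower()
    if "\\appdata\\local\\temp\\" in proc:
        notes.append("executed from the user Temp directory")
    if parsed["interval_seconds"]:
        notes.append(f"exfiltration interval {parsed['interval_seconds']} s")
    return notes


# Constructed sample: the second extracted log from this report, one field per line.
SAMPLE_LOG = r"""#################################################################
MassLogger v1.3.4.0
#################################################################

### Logger Details ###
User Name: Admin
IP: 154.61.71.51
Location: United States
OS: Microsoft Windows 10 Pro64bit
CPU: Intel Core Processor (Broadwell)
GPU: Microsoft Basic Display Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 3:57:38 AM
MassLogger Started: 5/21/2022 3:57:35 AM
Interval: 1 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\INVOICE09809000.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
"""

if __name__ == "__main__":
    result = parse_masslogger_log(SAMPLE_LOG)
    print(result["version"], result["fields"]["IP"], result["process"])
    print(indicators(result))
```

Run it over a recovered Log.txt (or over the one-line string a report shows) and the process path, melt flag and interval come back typed rather than as free text, which is what you want when correlating several such logs from one campaign.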

MITRE ATT&CK Enterprise v6

Tasks