masslogger

General

Target

79690d4fb9d6c28644bb6ffaf431fb985b626ab681c857397e54c05ff221b46d
Size

795KB
Sample

220521-c7anesfbb2
MD5

82893a5afec0b0ebb54baf8f41e84985
SHA1

98d78010863348bfb9a0bf488cc3f4c77d28257e
SHA256

79690d4fb9d6c28644bb6ffaf431fb985b626ab681c857397e54c05ff221b46d
SHA512

588e223005b7a134bbb8575a0c68c81a193c56121eedcadd9bdcf36a9e82bea351b8dd043b8d49700529692633fef3cb29b5ddc9a5d401b0df3bf56374d70097

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.2.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 6:04:01 AM MassLogger Started: 5/21/2022 6:03:34 AM Interval: 6 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe As Administrator: True

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\F293CD6622\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.2.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 6:03:06 AM MassLogger Started: 5/21/2022 6:02:55 AM Interval: 6 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe As Administrator: True

Extracted

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
Amfl6kh#?~N0

Targets

- Target
  
  [C38226] #TD JMMasuda_Mfg.exe
- Size
  
  817KB
- MD5
  
  6ca7ca71e6777e838bb32c911e5e68eb
- SHA1
  
  a3c11cc089fd8f5db0d673d9f4f63d495ee3cffe
- SHA256
  
  fbc70395ea55477b8827145c12f85133565b1be20e31f71327ea17d2706127be
- SHA512
  
  c772675fe56dc2d95bdf7ff59c0a0ea81f0743f074cb5c7e9c29fc78e8f9eb19eb023d9b0a2bf2f9aadef2250dba78667a454db46275c7a9a91a800180ccef58
Score

10^/10

masslogger coreentity ransomware rezer0 spyware stealer collection
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2