General

  • Target

    6fdc07b8f99515de29d76b4bd2eaed4189a40424c3220078d9a6107d4d467ca7

  • Size

    830KB

  • Sample

    220521-c92jxsadcl

  • MD5

    1078258fb450d4489063a52c2b998c6d

  • SHA1

    9a16fa11f853157c5864a9d495173e36d83ce93c

  • SHA256

    6fdc07b8f99515de29d76b4bd2eaed4189a40424c3220078d9a6107d4d467ca7

  • SHA512

    14a6e6a282fb7a1a07a8d033e639714fc577f7716dadfe15d4c3eade27f1615984b6d4162515d3a5ddfa4891943f91a17482fe1f0a7aaf5348f6388dc8b6f7d9

Malware Config

Extracted

  • Path

    C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

  • Family

    masslogger

  • Ransom Note

    #################################################################
    MassLogger v1.3.7.0
    #################################################################
    ### Logger Details ###
    User Name: Admin
    IP: 154.61.71.50
    Location: United States
    Windows OS: Microsoft Windows 7 Ultimate 64bit
    Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV
    CPU: Intel Core Processor (Broadwell)
    GPU: Standard VGA Graphics Adapter
    AV: NA
    Screen Resolution: 1280x720
    Current Time: 5/21/2022 6:13:09 AM
    MassLogger Started: 5/21/2022 6:12:52 AM
    Interval: 2 hour
    MassLogger Process: C:\Users\Admin\AppData\Local\Temp\RFQ-654J.PDF.exe
    MassLogger Melt: false
    MassLogger Exit after delivery: false
    As Administrator: True
    Processes:

Extracted

  • Path

    C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt

  • Family

    masslogger

  • Ransom Note

    #################################################################
    MassLogger v1.3.7.0
    #################################################################
    ### Logger Details ###
    User Name: Admin
    IP: 154.61.71.50
    Location: United States
    Windows OS: Microsoft Windows 10 Pro64bit
    Windows Serial Key: W269N-WFGWX-YVC9B-4J6C9-T83GX
    CPU: Intel Core Processor (Broadwell)
    GPU: Microsoft Basic Display Adapter
    AV: NA
    Screen Resolution: 1280x720
    Current Time: 5/21/2022 6:12:48 AM
    MassLogger Started: 5/21/2022 6:12:40 AM
    Interval: 2 hour
    MassLogger Process: C:\Users\Admin\AppData\Local\Temp\RFQ-654J.PDF.exe
    MassLogger Melt: false
    MassLogger Exit after delivery: false
    As Administrator: True
    Processes:

Targets

    • Target

      RFQ-654J.PDF.exe

    • Size

      1.0MB

    • MD5

      ed36232d90ecf5e26f7a3d3e47a69538

    • SHA1

      0b763bbb18497413aa94fba4196b71a5e63b15f2

    • SHA256

      bf6cfbc2faffe3db3f98b7bbbf7e4af52e034b84091f38d786b4ed9477d6a574

    • SHA512

      0d81d2f789418c65b59cdc0d41629d51a3eeb91bded36abc956378e2b2ecad0b41de38b415b56699a6403f1f6ed45e3c5b5cee1bdd426169acdbe51c305f1cf3

    • MassLogger

      MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.

    • MassLogger Main Payload

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofencing check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks