masslogger

General

Target

f1e4fd001ddab683c7aa0e2b032e32c880fc74217d28a8f05888b9c56cf01e06
Size

803KB
Sample

220521-capfbagehl
MD5

4bd4c303e2e3f0f62ec210c3e525c0c1
SHA1

126703fc06fa113a28ad62f90bb3566f4755be30
SHA256

f1e4fd001ddab683c7aa0e2b032e32c880fc74217d28a8f05888b9c56cf01e06
SHA512

59221730e77663ecc7b95631e1446a9f5694082563c800d9fe076564999c17d744067012fe8fcf653a99d61d14e22f3e20ebe4eeb9afd4ac53985a02efe23383

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 4:48:19 AM MassLogger Started: 5/21/2022 4:48:06 AM Interval: 2 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe As Administrator: True

Extracted

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
finance@supreme-sg.icu
Password:
biggod1234@

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\781F780B4E\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:48:09 AM MassLogger Started: 5/21/2022 2:48:06 AM Interval: 2 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe As Administrator: True

Targets

- Target
  
  QUOTATION.exe
- Size
  
  864KB
- MD5
  
  c2b1fcf142b7b221817ace1073ba58ae
- SHA1
  
  e8952c01300ae5a7ca6cc2e24807a6c12aa556ce
- SHA256
  
  6d23e4cb2a7704f3ebeaf44893bb9c1df101f0f03d522ceb51a0e1cfc7f8e8ec
- SHA512
  
  6c82b754c8e4c2df128f5f562867d59cfabe1feb24a8adc2ec1db3a6c545ed59de18f8804689bf0ef4f81abf3e169ac937fdaaf66b2daaaa32d96772cd5ec3b9
Score

10^/10

masslogger collection coreentity ransomware rezer0 spyware stealer
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- CoreCCC Packer
  Detects CoreCCC packer used to load .NET malware.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2