General

  • Target: ca65b4f4e502d041504096fc855bf98d75bf824331442f6df97e2150df9c5821
  • Size: 792KB
  • Sample: 220521-ckt4jseag4
  • MD5: 5cad38a805c183331cf2829328d92ec0
  • SHA1: 1f4a973215b83a6033fc1d001348a209b91052ae
  • SHA256: ca65b4f4e502d041504096fc855bf98d75bf824331442f6df97e2150df9c5821
  • SHA512: 9c0ba1738caeb66272f896f88db5ff508b3e99c4da44837b50da156b43134962e07d31a8aa444d6e9f9565e102a463f9507cb2e51f62577b304ab5ddef86a05b

Malware Config

Extracted

Path: C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family: masslogger

Ransom Note

################################################################# MassLogger v1.3.4.0 #################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.50
Location: United States
OS: Microsoft Windows 7 Ultimate 64bit
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 5:16:31 AM
MassLogger Started: 5/21/2022 5:16:20 AM
Interval: 2 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\shipment document pdf.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:

Targets

    • Target: shipment document pdf.exe
    • Size: 825KB
    • MD5: 58d90785308067dbb5b317014a3d3b41
    • SHA1: 11ce185684c80f65946c9f36029725fa48b56058
    • SHA256: 96fddf8ed5ba87a03b03c5e0387ab1f3ef44df00ce11d0761a108d6407472c86
    • SHA512: cf1662deb92f5e6cbd87ba395931eab5c9d12ba2bda0a6ce3564dec5c63307a22bfbdbf689b8b8562d05381e7f9bfa865141bc98a87f99885d3731ab33ff87bd

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks