masslogger | ca175c94eb00b4846925e068678e41edc91faf50950303699635ee3f0546683b | Triage

Submit
Reports

Overview

overview

Static

static

rfq Img do...12.exe

windows7_x64

rfq Img do...12.exe

windows10-2004_x64

Sharing

General

Target

ca175c94eb00b4846925e068678e41edc91faf50950303699635ee3f0546683b
Size

813KB
Sample

220521-ckx57shagl
MD5

34dd4d75d410583c2f9ac5675f31965b
SHA1

1189e38de9961903d422cc5b326199ce2cbd63a9
SHA256

ca175c94eb00b4846925e068678e41edc91faf50950303699635ee3f0546683b
SHA512

d77e39494e19bca9ecf409f1e268714154cd91c49cc7ba542fbf4e1f42fbfc5816e27d2a062e78508e4fc7b44ff015d0e332d5e7eca79669d9a0d6cd35b2a006

Score

10^/10

masslogger collection coreentity rezer0 spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

rfq Img docs892712.exe

Resource

win7-20220414-en

masslogger collection coreentity rezer0 spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

rfq Img docs892712.exe

Resource

win10v2004-20220414-en

masslogger collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  rfq Img docs892712.exe
- Size
  
  957KB
- MD5
  
  ffff0929aa619672f34a16a852e975c5
- SHA1
  
  dcb35d17e4df834d0d1d6666c3f06b082248c745
- SHA256
  
  c324d9dd65de8e5ad44795db94a24c3b2b3db5cdd88d5c35de386e039772a364
- SHA512
  
  f99331a74a77b9747c115b5677c249380f31470d069742c2c367a4cfe785ca7ad9fc76fbd8b5e4d32d814e619a03b120672c86e076937d078942314b208bdbd4
Score

10^/10

masslogger collection coreentity rezer0 spyware stealer
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggercollectioncoreentityrezer0spywarestealer

behavioral2

massloggercollectionspywarestealer

© 2018-2024

Terms | Privacy