General

  • Target

    ca144462b30d41d857bf6e92ab7970b22ec69ec6301aaeca6d114c624bebeb08

  • Size

    841KB

  • Sample

    220521-cky3haeag9

  • MD5

    913b11559bcb1d4763a653741472c81e

  • SHA1

    adc1cc8fb308bae8d7ffb404e0f8039cc58ee198

  • SHA256

    ca144462b30d41d857bf6e92ab7970b22ec69ec6301aaeca6d114c624bebeb08

  • SHA512

    d8ae5d3a751f09c45fbe8961ee7093d63744734eed4e680a9d9df6afed2b33fa6367fb205c1695ce4fc85d45bc92c8f506345ab0ba9eab9fd2a28aa0e3343d63

Malware Config

  • Extracted

    Path

      C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

    Family

      masslogger

    Ransom Note

      #################################################################
      MassLogger v1.3.7.0
      #################################################################
      ### Logger Details ###
      User Name: Admin
      IP: 154.61.71.50
      Location: United States
      Windows OS: Microsoft Windows 7 Ultimate 64bit
      Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV
      CPU: Intel Core Processor (Broadwell)
      GPU: Standard VGA Graphics Adapter
      AV: NA
      Screen Resolution: 1280x720
      Current Time: 5/21/2022 5:17:31 AM
      MassLogger Started: 5/21/2022 5:17:16 AM
      Interval: 2 hour
      MassLogger Process: C:\Users\Admin\AppData\Local\Temp\No42113-No42114.exe
      MassLogger Melt: false
      MassLogger Exit after delivery: false
      As Administrator: True
      Processes:

  • Extracted

    Path

      C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt

    Family

      masslogger

    Ransom Note

      #################################################################
      MassLogger v1.3.7.0
      #################################################################
      ### Logger Details ###
      User Name: Admin
      IP: 154.61.71.50
      Location: United States
      Windows OS: Microsoft Windows 10 Pro64bit
      Windows Serial Key: W269N-WFGWX-YVC9B-4J6C9-T83GX
      CPU: Intel Core Processor (Broadwell)
      GPU: Microsoft Basic Display Adapter
      AV: NA
      Screen Resolution: 1280x720
      Current Time: 5/21/2022 5:18:10 AM
      MassLogger Started: 5/21/2022 5:18:06 AM
      Interval: 2 hour
      MassLogger Process: C:\Users\Admin\AppData\Local\Temp\No42113-No42114.exe
      MassLogger Melt: false
      MassLogger Exit after delivery: false
      As Administrator: True
      Processes:

Targets

    • Target

      No42113-No42114.exe

    • Size

      922KB

    • MD5

      f199ca0e897812a4218b91a293a7656b

    • SHA1

      0c9ea2d1c5c0254a278940c3b5ca7c25942b50fb

    • SHA256

      9300260a0aa311aa5e53e3c015ba7c63bb52ccb40c9841d4f566a6019143257d

    • SHA512

      3dd1ba3483ac0ce0d4202ebcf400ed0abd7a17f5e5e595fbff9f08606a72d21a3f752b3fff72e91c966a6db1edd44a0807681ec6e901927275a2f3441d2464d5

    • MassLogger

      MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.

    • MassLogger Main Payload

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks