masslogger | b8493704bd4bfba80e23b626fa5a64846ddb2f6b3072d330826bb3c7072247ae | Triage

Submit
Reports

Overview

overview

Static

static

MA20-00242...ry.exe

windows7_x64

MA20-00242...ry.exe

windows10-2004_x64

Sharing

General

Target

b8493704bd4bfba80e23b626fa5a64846ddb2f6b3072d330826bb3c7072247ae
Size

808KB
Sample

220521-cpxegahcgn
MD5

503c6ce70433d9fe1668f388c39c07b8
SHA1

8b68667673c75f20ee525454fb32ae2defead242
SHA256

b8493704bd4bfba80e23b626fa5a64846ddb2f6b3072d330826bb3c7072247ae
SHA512

995a9a609f9be56019731be970c446e6762f2b38607d2ccb01ab889064cf3b77268ac46ac6a5af026cea948f4a37042e5cb56f5d1d70da357ed8add80eba9985

Score

10^/10

masslogger collection coreentity rezer0 spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

MA20-002423 WinterTrade Zrt Szeged Hungary.exe

Resource

win7-20220414-en

masslogger collection coreentity rezer0 spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

MA20-002423 WinterTrade Zrt Szeged Hungary.exe

Resource

win10v2004-20220414-en

masslogger collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
gnaeask@2015

Targets

- Target
  
  MA20-002423 WinterTrade Zrt Szeged Hungary.exe
- Size
  
  995KB
- MD5
  
  821b0e70a2b51999a55f15a38e6d8ca4
- SHA1
  
  698488b54881ced2cebea6d0c8b57060bd232ab4
- SHA256
  
  d17e7aae62fd256c264b2602f913c5b918501a1416abb5c58a4f14bcafa2b0d6
- SHA512
  
  a2d9664daa16d67b4c62ec77d116037da9f93fa302e60a39836bf27da0d1beee2ebde30b6e4e6f36341e6573fe41caab0babe2e55a9b0565e5c20334244cbbfd
Score

10^/10

masslogger collection coreentity rezer0 spyware stealer
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggercollectioncoreentityrezer0spywarestealer

behavioral2

massloggercollectionspywarestealer

© 2018-2024

Terms | Privacy