masslogger

General

Target

b2ad224e14768937724111bc6367030c09ea540476364fa052a64701a2c940a9
Size

915KB
Sample

220521-crangsedb2
MD5

c9d760f0e4c3c48c141aaf5db4eaab9e
SHA1

2aa452611dbd3916c9df6a6e588c134785888ab1
SHA256

b2ad224e14768937724111bc6367030c09ea540476364fa052a64701a2c940a9
SHA512

0cec58b436d783c4d3b2de44b1479e71c4187ec61f3f86f64375ab558efb1575a72150c792c2e8c9f6000a476dbd4d7be9af0ba2df6a2547c1a3e1e2c3b08a6f

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.6.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 3:29:29 AM MassLogger Started: 5/21/2022 3:29:18 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.6.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 10 Pro64bit Windows Serial Key: W269N-WFGWX-YVC9B-4J6C9-T83GX CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 5:30:40 AM MassLogger Started: 5/21/2022 5:30:29 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  Proforma Invoice.exe
- Size
  
  1.0MB
- MD5
  
  a009bf5f0bc5b29b3c7f70203584c20c
- SHA1
  
  1f95f553fb11d4d6f6b7a6a15a3ed19aba8403ba
- SHA256
  
  8c3156c901bae62d20fce1aa07a4c0e0252ac6ab6443877396a37f83441f2b65
- SHA512
  
  4185e273e76f21c4521f243d6f7aab693996269e4937053c053bba3ac2f83dcf0039b02ff7da23ae2648bc906e96e18f2f82e21a58956268518d4b1fd688b9bd
Score

10^/10

masslogger collection ransomware rezer0 spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2