masslogger

General

Target

a387eda9019c925849747107987f8e232b8c0da6f1f40dccec3eb525cc35d051
Size

803KB
Sample

220521-cv6kbseef2
MD5

34b80396d558910fae81a63dde7eb3df
SHA1

3083f5fd4cefd79ba80aadad04320d148743eb11
SHA256

a387eda9019c925849747107987f8e232b8c0da6f1f40dccec3eb525cc35d051
SHA512

0b5fd74b2a0e43f5d61520d5d8d1086c66dfdf10e61dfa40cdad718cedf33c7c61e8d71cdfcfec386b97e9e76576fe2c6c1f77645d6098743395a5d72bcbfa27

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\8506BBE7FF\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 5:36:21 AM MassLogger Started: 5/21/2022 5:36:00 AM Interval: 2 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe As Administrator: True

Extracted

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
requestShow@

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\EEB932C954\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 5:36:37 AM MassLogger Started: 5/21/2022 5:36:26 AM Interval: 2 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe As Administrator: True

Targets

- Target
  
  RjJZqTyRrEpvftP.exe
- Size
  
  863KB
- MD5
  
  95b6c2e6cfef73be03af6ec5a4c82be8
- SHA1
  
  de12d0b9c6141d48b5cf436446071b57cab750be
- SHA256
  
  05634115b645d0df04cd66ef32a3d4301fda48edb1750d87f404e1ba73b6be04
- SHA512
  
  339cb7d10389e45aa87b0e8e76a95662e4a7487e8585ba58c085956b0fde873ab068a6b4880d96f2641aaa4b8ef786516292f936386201846ed5e986f008604d
Score

10^/10

masslogger collection coreentity ransomware rezer0 spyware stealer
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- CoreCCC Packer
  Detects CoreCCC packer used to load .NET malware.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2