masslogger

General

Target

114f6ec5f4bf961c2cefd0640c19bf6c7efb1e59f6a58b289fe098e4db0074c0
Size

902KB
Sample

220521-d1h7nabfdk
MD5

784d57159f933dc36cbb1b5330bf2e87
SHA1

f9cf5b5f8a5318b88bcdde4969bf4231aacca9e9
SHA256

114f6ec5f4bf961c2cefd0640c19bf6c7efb1e59f6a58b289fe098e4db0074c0
SHA512

f727cc7aaa71435ad2317ef12f8771b2f3633f6f9730d45c54e72940cb7cbee7f3a0217bd9aeb12140efb9606b00516c94e3ccd36ef51b549ff16802b81d9d32

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 5:08:28 AM MassLogger Started: 5/21/2022 5:08:17 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\HCtR5cTfBBvX0Tt.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
@willsmith1.,

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\0F48153F20\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 5:08:29 AM MassLogger Started: 5/21/2022 5:08:26 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\HCtR5cTfBBvX0Tt.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  HCtR5cTfBBvX0Tt.exe
- Size
  
  956KB
- MD5
  
  946617f29b6f4d728a590d6eaae36126
- SHA1
  
  d06818f1f24d85e26d7159845076f346564253a0
- SHA256
  
  45ef1e51df38e6778aaf2cd726748b55459b4aa54a2c8c2fea445cab0885f7bc
- SHA512
  
  7204f1163662f391fe09c2637ca9c2e07e08bc1c047fab4e1594c49a37fb222093d86298c267cec9ee27f842f538f480c2bb8078ffea59c501f4777ff50a7d2f
Score

10^/10

masslogger collection coreentity ransomware rezer0 spyware stealer
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2