masslogger | 6e95aadb90487e5aeb5082adef9daa2befdf49dfb0eb021422c66501d8018182 | Triage

Submit
Reports

Overview

overview

Static

static

RE QUATATI...65.exe

windows7_x64

9

RE QUATATI...65.exe

windows10-2004_x64

Sharing

General

Target

6e95aadb90487e5aeb5082adef9daa2befdf49dfb0eb021422c66501d8018182
Size

802KB
Sample

220521-dadjgsfcd8
MD5

9b18c0bb167da3f915b1487450605852
SHA1

925c8cc95f5b6854adc799df14a6f6859873a7ad
SHA256

6e95aadb90487e5aeb5082adef9daa2befdf49dfb0eb021422c66501d8018182
SHA512

3f368d374255a21cd525a0d03f90406f74c6f2de4d9f3de7d561176be1103acb6f1bb3447263b1138b6912c7003a190aad9f6c1b356602acdc84b2c2ff4c1a02

Score

10^/10

masslogger evasion rezer0 spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

RE QUATATION 3456765.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RE QUATATION 3456765.exe

Resource

win10v2004-20220414-en

masslogger evasion spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  RE QUATATION 3456765.exe
- Size
  
  844KB
- MD5
  
  94b5d1e0347081440bf95c6e1a5a26e8
- SHA1
  
  5e945849f712f7a565a1c75d1d2e58eeff39775d
- SHA256
  
  846f306ccd5e9d610aa3bb92817e08e123cc6be01c4771cdcad518130770c9dd
- SHA512
  
  04d85dd2a93b3c9894d2c7e861910e507fdab0147556854eaa74f329d40e448d525e2eec9d106204a8dec8d951457a469a38a2a4b61c9cc7a133d46639bafdef
Score

10^/10

evasion rezer0 masslogger spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

massloggerevasionspywarestealer

© 2018-2024

Terms | Privacy