Overview

overview

10

Static

static

10

PO__2001.exe

windows7_x64

10

PO__2001.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6e4fa34445f2439fe41ba7df0502aad79728646a2138b264e5945c9c980794ce

  • Size

    1.8MB

  • Sample

    220521-dal6mafce7

  • MD5

    bcd8b981f9806750d706051e3b32342a

  • SHA1

    40aae52d6f135869877aba34cd33229335229986

  • SHA256

    6e4fa34445f2439fe41ba7df0502aad79728646a2138b264e5945c9c980794ce

  • SHA512

    10881f91ccb322f12a724ba4b8b848ec5d55232afaf9ac1d8c9582f729893b822a61f2a8bc7be542c3f662080ee4cf10a22b99160c79efd8a4c5a5c17e1bf231

Score
10/10
massloggeragilenetcollectionransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.7.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 6:12:28 AM MassLogger Started: 5/21/2022 6:12:09 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\RegAsm.exe MassLogger Melt: true MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\2EF8342664\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.7.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 10 Pro64bit Windows Serial Key: W269N-WFGWX-YVC9B-4J6C9-T83GX CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 6:12:21 AM MassLogger Started: 5/21/2022 6:12:09 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\RegAsm.exe MassLogger Melt: true MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

    • Target

      PO__2001.EXE

    • Size

      1.2MB

    • MD5

      5023566d205bcc7958ccbc84be950e9d

    • SHA1

      4f7f6f3ad838506c5b141537f413eb341bf17027

    • SHA256

      b88b1caee334cbd27f17d4310f2b51c26a5a9411452ad2f4b7fa17e1e81b59fb

    • SHA512

      732c033c5c38464f2255e964054d1e4d727cd31f7c64817d9a29e3d44da30583c2e552646f7fbc4a37e4662a4457c2c40abd1ee95d80ddd84e62b20e004deaa6

    Score
    10/10
    massloggeragilenetcollectionransomwarespywarestealer

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger Main Payload

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks