masslogger

General

Target

3be36c0b240bf371841a1a6d168dbab2f1f99d408d0dc8825565d4f5dac2fcf9
Size

779KB
Sample

220521-dn49csgad9
MD5

5575024e4fee3981795135dfff1179bd
SHA1

1e757be2b10039690499ccd81228a1b8c1cb9d56
SHA256

3be36c0b240bf371841a1a6d168dbab2f1f99d408d0dc8825565d4f5dac2fcf9
SHA512

9af9b6b49a6b555ef4d38ffe3fe03e21d75d4e6f036a42d67799319b6a3622f24db54aa865ea21d4d59443d06f79e06e0faba924d43396ccecefa9c971471735

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.8.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 6:42:43 AM MassLogger Started: 5/21/2022 6:42:30 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Commercial Invoice Associated Bearings shippment.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.8.0 ################################################################# ### Logger Details ### User Name: Admin IP: 127.0.0.1 Location: United States Windows OS: Microsoft Windows 10 Pro64bit Windows Serial Key: W269N-WFGWX-YVC9B-4J6C9-T83GX CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 6:43:13 AM MassLogger Started: 5/21/2022 6:42:56 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Commercial Invoice Associated Bearings shippment.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  Commercial Invoice Associated Bearings shippment.exe
- Size
  
  813KB
- MD5
  
  2ea9a5352638c9c6430047177dc5a5c1
- SHA1
  
  9ad903dc1f854293f10fdfb85ff1a3839fdc7751
- SHA256
  
  9100a66246aa52a3839f411bcf8763f423abd9ae1ac664ea0435d23bc0e6f03f
- SHA512
  
  4a6ca927613d4b37b515c8bdcdd0ca13573f3dc517ec662211ab2aa31a76c0046a51ab80f36335371d421e34baae5dc13d47aea9e4a4b385a4ed4fc8bc5e310a
Score

10^/10

masslogger collection ransomware rezer0 spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2