masslogger

General

Target

2d7635267f2d61a1f505e1ce8e760361f45ecb398a633e142bc2f446766229e4
Size

757KB
Sample

220521-dsy8xagcd3
MD5

03919aebf0b8fd7b7b4055116ae509a9
SHA1

2108c4cbf4e5a544e59115740d4b43f58cadc15f
SHA256

2d7635267f2d61a1f505e1ce8e760361f45ecb398a633e142bc2f446766229e4
SHA512

805b68c7aebd2d60b08b6540e197364f61b62f54ab502019a5999e3b38e52e94817bb79e2f969fb26d23feada2959572a814f2f52414d83186c44d1e227880d8

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\8506BBE7FF\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.7.1 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 6:53:00 AM MassLogger Started: 5/21/2022 6:52:47 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\SCAN 0004_DAC cable inquiry Project lists_EML.exe MassLogger Melt: true MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\0F48153F20\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.7.1 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States Windows OS: Microsoft Windows 10 Pro64bit Windows Serial Key: W269N-WFGWX-YVC9B-4J6C9-T83GX CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 4:52:59 AM MassLogger Started: 5/21/2022 4:52:56 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\SCAN 0004_DAC cable inquiry Project lists_EML.exe MassLogger Melt: true MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  SCAN 0004_DAC cable inquiry Project lists_EML.exe
- Size
  
  785KB
- MD5
  
  6a27f551bdad73b4304c1315f303f03b
- SHA1
  
  f570bea0bc397ec47b8f35c4abc89846fda6841f
- SHA256
  
  7485d0901ff7712ac62ed00e1b0964d9656d73d1b916f399fba125753f50c05d
- SHA512
  
  41fc27ba89c81f6724a0af33baa637646d5e98bb7f54b8e2c61d864c94e058b51031371f109c26b29d8815d0469566520cbeca1f703a54f993562bb5c96cc92d
Score

10^/10

masslogger collection ransomware rezer0 spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2