masslogger | 198f0de0ad9295ded03239d689b9a6e64ce4d694dfdfd27bc002230d1886e38b | Triage

Submit
Reports

Overview

overview

Static

static

ORDER202.exe

windows7_x64

ORDER202.exe

windows10-2004_x64

Sharing

General

Target

198f0de0ad9295ded03239d689b9a6e64ce4d694dfdfd27bc002230d1886e38b
Size

1.5MB
Sample

220521-dyfzhsbecm
MD5

013f3bddb8467d83ee326f607729c1a6
SHA1

c3248d2420c64447055a35711249b64a774f389a
SHA256

198f0de0ad9295ded03239d689b9a6e64ce4d694dfdfd27bc002230d1886e38b
SHA512

3da3b34bab838fe1458247c719fc3f0951a82f7912f2aa55a829d8adba7f4047f606d32414dce41254802a266bb14b74966b6db60a9e78cb9a0928101e756997

Score

10^/10

masslogger collection coreentity evasion rezer0 spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ORDER202.exe

Resource

win7-20220414-en

masslogger collection coreentity evasion rezer0 spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ORDER202.exe

Resource

win10v2004-20220414-en

masslogger collection evasion spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ORDER202.EXE
- Size
  
  941KB
- MD5
  
  0a3d357409cb2337a4d533b64b8265cd
- SHA1
  
  33cd12b0333af20dcb611b1f42d6a62f8167e90b
- SHA256
  
  5f678c283847316bd366cc6a5dcd2b20072271080f493607a03ecd5d26ba65a7
- SHA512
  
  8b2f1ad1c8260e2afabf8290d680ee29249fe2edb79d7740b039729f9cc5bbd3231836ac249a206488cb375efe9c3f5979b9b1b7e30e56b19c5692365b67fb64
Score

10^/10

masslogger collection coreentity evasion rezer0 spyware stealer
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- Modifies visibility of file extensions in Explorer
  evasion
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Hidden Files and Directories

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggercollectioncoreentityevasionrezer0spywarestealer

behavioral2

massloggercollectionevasionspywarestealer

© 2018-2025

Terms | Privacy