masslogger

General

Target

a17bc17287de7be6a356c706e3ce9d558bda0f58b839bd4725f8d18040dfe1b4
Size

810KB
Sample

220521-n3jajshffn
MD5

4cf60798c26fa4f111fa5b0ababf7a8b
SHA1

ced5dc398c60f706335c4e7a83c6b20de61e6d03
SHA256

a17bc17287de7be6a356c706e3ce9d558bda0f58b839bd4725f8d18040dfe1b4
SHA512

55ff6b6229dbd327188b84e23a2403dc38887e29cc305187953ca5222d96f4ac3f10805c1ab242938a7cad7b49ac108e44a5806c1d19de7d8fe780662a1f251e

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.7.1 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 12:02:41 PM MassLogger Started: 5/21/2022 12:02:30 PM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Payment AF 6252020_PDF.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.7.1 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 10 Pro64bit Windows Serial Key: W269N-WFGWX-YVC9B-4J6C9-T83GX CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:02:16 PM MassLogger Started: 5/21/2022 2:02:13 PM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Payment AF 6252020_PDF.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  Payment AF 6252020_PDF.exe
- Size
  
  901KB
- MD5
  
  462d64b8cccac090d2d32c835ce36f32
- SHA1
  
  54b3ecf7515d602cf00ad219594e071bb874cc92
- SHA256
  
  be5e5be8981ef261f24b21b1d6b67f5041d10ecc3eb3697a67142d43e71c7ece
- SHA512
  
  cf53f6df2b445b1eb0b3b0309a5b5cd1a37f5e90135a161cbeb80eb662b6d95104d9083e62c4145203277b4fcfe45607fc07a7f80bc4fdced6c44f10cb751c43
Score

10^/10

masslogger collection ransomware rezer0 spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2