masslogger

General

Target

9f377c8709ba71efaa74d270b7a4c98f44ea62847c66d2e54a1d1044bb8a2577
Size

729KB
Sample

220521-n3nj9shffq
MD5

1799701f59581e92fee638c2791756e5
SHA1

fe26ea68a82668b47ffa09212c18fd21688d5efb
SHA256

9f377c8709ba71efaa74d270b7a4c98f44ea62847c66d2e54a1d1044bb8a2577
SHA512

1bd0c29a32fe41969b0cdae4054ce25f5b6c7474b22e2afc08c741a0703d9c24d0ec130e979971c48026e5f5ef3dff1076ff216f11f288b927a96253596f156f

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v2.0.0.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:03:23 PM MassLogger Started: 5/21/2022 2:03:16 PM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Invoice.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  Invoice.exe
- Size
  
  818KB
- MD5
  
  922902037e92ce7c5297054a629f1ef5
- SHA1
  
  59ca48a0edf12bd54e7a7e956e3ded80f75cada5
- SHA256
  
  37eb096457c5f3b81945f57de1b46674cdd7ccf83714f0bc4c0d982ade2405bd
- SHA512
  
  ec101fb291b663b9916b9d056e0f10564e12d44c747cd3b5e2f1b93bce07073a0deb1b9e1c041c549d4381a254c2db9c72ce50258fec82e4dfd23faa159ab80e
Score

10^/10

masslogger collection ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2