Overview

overview

10

Static

static

Invoice.exe

windows7_x64

10

Invoice.exe

windows10-2004_x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9f377c8709ba71efaa74d270b7a4c98f44ea62847c66d2e54a1d1044bb8a2577

  • Size

    729KB

  • Sample

    220521-n3nj9shffq

  • MD5

    1799701f59581e92fee638c2791756e5

  • SHA1

    fe26ea68a82668b47ffa09212c18fd21688d5efb

  • SHA256

    9f377c8709ba71efaa74d270b7a4c98f44ea62847c66d2e54a1d1044bb8a2577

  • SHA512

    1bd0c29a32fe41969b0cdae4054ce25f5b6c7474b22e2afc08c741a0703d9c24d0ec130e979971c48026e5f5ef3dff1076ff216f11f288b927a96253596f156f

Score
10/10
massloggercollectionransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v2.0.0.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:03:23 PM MassLogger Started: 5/21/2022 2:03:16 PM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Invoice.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

    • Target

      Invoice.exe

    • Size

      818KB

    • MD5

      922902037e92ce7c5297054a629f1ef5

    • SHA1

      59ca48a0edf12bd54e7a7e956e3ded80f75cada5

    • SHA256

      37eb096457c5f3b81945f57de1b46674cdd7ccf83714f0bc4c0d982ade2405bd

    • SHA512

      ec101fb291b663b9916b9d056e0f10564e12d44c747cd3b5e2f1b93bce07073a0deb1b9e1c041c549d4381a254c2db9c72ce50258fec82e4dfd23faa159ab80e

    Score
    10/10
    massloggercollectionransomwarespywarestealer

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks