masslogger

General

Target

4464f85e92b417a3ac8cd3a4578cc4557f9cf9df36240052605dba93a4968571
Size

850KB
Sample

220521-n83ldaeha2
MD5

5269cebe4f267fbd1f0def6870b8f3fc
SHA1

10b821f502ac01ccfffe07a8afe413ca7ce99c66
SHA256

4464f85e92b417a3ac8cd3a4578cc4557f9cf9df36240052605dba93a4968571
SHA512

f6bc8e2d2e7ee3e559e67e0057382c2c2e4d755cf06e40bec8835d6ab1b2ba82c95e3642f2dc7a85bf847b816c362445e14c4212d386ef3454861b572c0302f4

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:57:52 PM MassLogger Started: 5/21/2022 2:57:38 PM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Company Info.exe As Administrator: True

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
m4cfund@yandex.com
Password:
Dmacdavid

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:58:55 PM MassLogger Started: 5/21/2022 2:58:52 PM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Company Info.exe As Administrator: True

Targets

- Target
  
  Company Info.exe
- Size
  
  1.0MB
- MD5
  
  49c568fb7de5bb77140ab3b40e54fdff
- SHA1
  
  6d74dbf23a857e11d9a30a28e2ebe7dc3b74735a
- SHA256
  
  77f7dd01dbc1cfa243fc8301937058094b3c02ffb3f18e8dd7b3221723705049
- SHA512
  
  de918d8654df77256b5a7036c8c5e969605c2744e160b58cb5bd86e0abcf691c9f55bff43299b3149152ce5c02191c9b8e56b4254dad7e9dea2c7dc7b41489de
Score

10^/10

masslogger collection ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2