masslogger

General

Target

4d202d4afe38b078d7aea0d9c1a89e2f0ec027e1555ce35328a293dcaef8bb25
Size

885KB
Sample

220521-n8gznsegf6
MD5

988c76a8ba32622ea114119c21c6b8f9
SHA1

8b2f22ab2bbb55c78243ecdd0e2aa465fd60d144
SHA256

4d202d4afe38b078d7aea0d9c1a89e2f0ec027e1555ce35328a293dcaef8bb25
SHA512

2fb532117a0f855ff1df537a16f781d38bdfbfcc14c61c63ce738ea0d651a1d72f44460174425199d7d50c262816f94418432c6372d8e04178ede8aca5fb399c

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 12:57:36 PM MassLogger Started: 5/21/2022 12:57:26 PM Interval: 1 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\EEB932C954\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:58:21 PM MassLogger Started: 5/21/2022 2:58:11 PM Interval: 1 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  T.HALK BANKASI A.?. 25.06.2020 Hesap Ekstresi.exe
- Size
  
  975KB
- MD5
  
  c9a52acd2cb5a21a32cdeee85201d66d
- SHA1
  
  5be53cb72024fac27e027857c09ad79c4a7124a0
- SHA256
  
  c60b9f94ebece1e217b2724d77bd929dd208466813954315cb588887c6a21480
- SHA512
  
  233ca6cdf1a4cf2a74a9a4c6496859bbcb8ed957a0fa2c99107f3a4cd775fffa2ab429c85d79cc66176a99014865b672faeb6273ffcdf52cdf46f47a14553224
Score

10^/10

masslogger collection ransomware rezer0 spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MassLogger Main Payload

MassLogger log file

ReZer0 packer

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2