masslogger

General

Target

c35efac9d16552df2c7020672b7a1b10f18922aa7c52b1f2b9418a2fa2802570
Size

1.2MB
Sample

220521-nc8gragfbk
MD5

0702d67039d4a679a0827f0fe234a18f
SHA1

7e706601b1ce37947451bf0e1ada40be2cdef351
SHA256

c35efac9d16552df2c7020672b7a1b10f18922aa7c52b1f2b9418a2fa2802570
SHA512

648469f430fba77be83782b29fe4f184bade06f87ef5fada6de3c7d2fa21f62dc615a29cd084b41cfa66d82d054d655a645d40e23fdcb8661d9697d8a019dc9a

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 1:34:29 PM MassLogger Started: 5/21/2022 1:34:11 PM Interval: 2 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe As Administrator: True

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
Dmacdavid

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\EEB932C954\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 1:34:11 PM MassLogger Started: 5/21/2022 1:34:06 PM Interval: 2 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe As Administrator: True

Targets

- Target
  
  Erenrcompany.exe
- Size
  
  2.3MB
- MD5
  
  97ce671821460fdb8d39cafd4465cd90
- SHA1
  
  abcbc042a758985fd3ea04af3945de5f0944dc60
- SHA256
  
  50ff0aae0a9f7c1fc39e15483e5ebf8235d18c9d9ef2a5bd75a538c0a42e444e
- SHA512
  
  9d8b9e7ac98b77950fa904e83d7351ca5003145a7a3312d35ddd8d33d4ab853ac33cb87890538ae1212ca52c2e6f9d2853f79e1a4cf28ba079d6d1cad05df754
Score

10^/10

masslogger agilenet collection ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

MassLogger log file

Obfuscated with Agile.Net obfuscator

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2