masslogger

General

Target

a856e5350e746c93706bb1ab5ea9ecf205fa1ac10c4363a248cd8b9ef456e66c
Size

844KB
Sample

220521-negf2sgffn
MD5

6ca3db45bf4a118df5ede9f6cf474733
SHA1

c09f78352b5c75babf80eee33b0bb23403ea5da1
SHA256

a856e5350e746c93706bb1ab5ea9ecf205fa1ac10c4363a248cd8b9ef456e66c
SHA512

4aa0944418972bc11d3c2764ad57e41fa8a18bf6041da3a3fe0b4c98c26d71df88dd85e36b525061bc6bc0e8443a34e6b67e25cf5fd083f2b6d4af698ea4a1bf

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.6.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 11:36:49 AM MassLogger Started: 5/21/2022 11:36:42 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Order inquiry skmt042.exe MassLogger Melt: false MassLogger Exit after delivery: true As Administrator: True Processes:

Extracted

Credentials

Protocol: smtp
Host:
mail.samlogistics.pk
Port:
587
Username:
imp@samlogistics.pk
Password:
Seaimport121@

Targets

- Target
  
  Order inquiry skmt042.exe
- Size
  
  886KB
- MD5
  
  293669a0b90d7bc20d639c077517ef93
- SHA1
  
  dbe8051a4f25ee4716297a36295cafb4e46c951c
- SHA256
  
  f6df04b1b109a5d525073529a3877c3df598f9fcb62278a82412fc7736ed1ba7
- SHA512
  
  1fbd62362ff5769bb07557a498c85eab818e4916a33aab2cc65dee5566ae3a6bc6b0761e943ea7d2551a70f7609881b8d3c23c1f69a60751ff1c80749079165a
Score

10^/10

masslogger collection evasion ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- Modifies visibility of file extensions in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2