masslogger

General

Target

52fe0bd9d845df83c0f65bfcb4f5cb86f5fe3e4328d59cb1e459ffade64c3700
Size

808KB
Sample

220521-nhermadga6
MD5

82835b4a371a0fded1b7aecb9198cc3d
SHA1

6257b8f26783ba7ab00193dc082ea733925fe8b0
SHA256

52fe0bd9d845df83c0f65bfcb4f5cb86f5fe3e4328d59cb1e459ffade64c3700
SHA512

02c7ce8b3ec9f64c637b400fcc5e4597632ed686c3f6534d6977520e2ce85c4a49f8af75ee2afa5d99675c529faf7cbff76dabdf4143b8fdba3ead1e92224463

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.7.1 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:10:59 PM MassLogger Started: 5/21/2022 2:10:42 PM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Product Inquiry N0.3000334756.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\0F48153F20\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.7.1 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States Windows OS: Microsoft Windows 10 Pro64bit Windows Serial Key: W269N-WFGWX-YVC9B-4J6C9-T83GX CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 12:11:06 PM MassLogger Started: 5/21/2022 12:11:03 PM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Product Inquiry N0.3000334756.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  Product Inquiry N0.3000334756.exe
- Size
  
  856KB
- MD5
  
  934f4480b7c045329d444d37760225a6
- SHA1
  
  f819e700b862ba46f2fabc573f15f6c5554ecf1b
- SHA256
  
  0137eab9ffb892bcff1aabd6bba89c41459cf49087222ebb2723c3ce5a755ad3
- SHA512
  
  559826a4f7562db9c17699cacc9f60145c6dcc554485aacc86bd4d23b8dad8a8bdbc2190a9622a7b7f3e8ae7ac0297f842547c41589a3deb723a4e1b563d0677
Score

10^/10

masslogger collection ransomware rezer0 spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2