masslogger

General

Target

f937625ac17370fe9bc738c7290d2186612a3a106428bb26c142848a0d949625
Size

1.0MB
Sample

220521-np65fshbck
MD5

804785cec12bb95cb6c51bcc3db07013
SHA1

e6ba78efc338ee4d9b557df8f3312d4f1ec493f0
SHA256

f937625ac17370fe9bc738c7290d2186612a3a106428bb26c142848a0d949625
SHA512

b293274d0ac002b4642141bfd6ee69df97b4822ea12bebb22bc62ed0950f360bbc02a99d3c099a401c90841fd86c4f195321660616c2761a1ac3f7dfff5882e5

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\79FE0CC911\Log.txt

Family

masslogger

Ransom Note

<|| v2.4.0.0 ||> User Name: Admin IP: 154.61.71.51 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 11:47:18 AM MassLogger Started: 5/21/2022 11:47:11 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Inquiry List For Quote.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes: <|| WD Exclusion ||> Disabled <|| Binder ||> Disabled <|| Downloader ||> Disabled <|| Window Searcher ||> Disabled <|| Bot Killer ||> Disabled <|| Search And Upload ||> Disabled <|| Telegram Desktop ||> Not Installed <|| Pidgin ||> Not Installed <|| FileZilla ||> Not Installed <|| Discord Tokken ||> Not Installed <|| NordVPN ||> Not Installed <|| Outlook ||> Not Installed <|| FoxMail ||> Not Installed <|| Thunderbird ||> Not Installed <|| FireFox ||> Not Found <|| QQ Browser ||> Not Installed <|| Chromium Recovery ||> Not Installed or Not Found <|| Keylogger And Clipboard ||> NA

Targets

- Target
  
  Inquiry List For Quote.exe
- Size
  
  1.1MB
- MD5
  
  d5df29fc9902a2b1404d1366a945ed72
- SHA1
  
  2c98de0881f4b3ad58fd86d9e006c8902f85d486
- SHA256
  
  af568c3ddd1a373a0694029fecd3406feffc6054bd3587436f1df5681cee591d
- SHA512
  
  b1f9d1e576f1c5115cc8199e1a1b8c5a344617900c84b9c1d914a1773c759847aa7c3d6166b5fa48f8a34319cc2c39d274a263d3f845ca741bfdb16ef7bc30fa
Score

10^/10

masslogger collection ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2