masslogger

General

Target

3e9e01606f941f5382aef016c7633ccba552e9147f3aafe637791294775b2c17
Size

1.3MB
Sample

220521-ntynwaebc8
MD5

9386198fec7123c9b59810be36929e5d
SHA1

997fdcb79252a1e19da9bc66daeac51da3265276
SHA256

3e9e01606f941f5382aef016c7633ccba552e9147f3aafe637791294775b2c17
SHA512

eebb3df7806e8930747d05edc079d98599c4d6780f11b56d37ef872d664ce7c54e9ff40977323af607a9ee64269c880958bbf7e059beab78332da544b856561c

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 12:26:57 PM MassLogger Started: 5/21/2022 12:26:46 PM Interval: 2 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe As Administrator: True

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
m4cfund@yandex.com
Password:
Dmacdavid

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\781F780B4E\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 12:27:07 PM MassLogger Started: 5/21/2022 12:27:04 PM Interval: 2 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe As Administrator: True

Targets

- Target
  
  IDBI BANK 22.05.2020.exe
- Size
  
  2.7MB
- MD5
  
  edc942f083bb76a8697fe2ea964ea802
- SHA1
  
  5735d65c8ca05aae13090d434cd352f6bc3fb35b
- SHA256
  
  8b74dcd5ef2fc40d86bc26ed2385d80ab520ad845a4c1b101f3ba13ff36fb35e
- SHA512
  
  191aa81cd43a5d41f4d93aa93db82c61096de5665ae218a7bcd97e7ba1100162f007ef616da033ce20a1537ac87f45f700fd006015a778327b5ca2421a5df734
Score

10^/10

masslogger agilenet collection ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

MassLogger log file

Obfuscated with Agile.Net obfuscator

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2