masslogger

General

Target

ea0a4c4e4ab8b6a483c5bdb3a73cd0ac90b3b0657fecf22829d4d91f1088d8ff
Size

1.3MB
Sample

220521-pd5b6aacgq
MD5

bca6242d3749dff9c3ce6e0ebe627fe4
SHA1

4a8b138576e1c880152aeda716cbb11e7bdfa9db
SHA256

ea0a4c4e4ab8b6a483c5bdb3a73cd0ac90b3b0657fecf22829d4d91f1088d8ff
SHA512

5034a3060e052cc396ab62f6979bcef32af6bf7901c07d6e43d56687af02140db3a45accc97d4668e9a909e2226a8635f64af3a6e5289922ee8abe93fd3ea476

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 127.0.0.1 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:26:08 PM MassLogger Started: 5/21/2022 2:25:52 PM Interval: 96 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\OUR_NEW_.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:27:28 PM MassLogger Started: 5/21/2022 2:26:58 PM Interval: 96 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\OUR_NEW_.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  OUR_NEW_.EXE
- Size
  
  757KB
- MD5
  
  5eecffe3b62b1e5c080028e6c489cc98
- SHA1
  
  3fa94eff0cffe3fcad56d7e7b3dbcbac341211b5
- SHA256
  
  571ab77f2e5d3069e9b1974cd7548dd28f4cef875b33698b42a846b6057a476e
- SHA512
  
  eb79550f367005386cfc94a674a4c735484df3ff35f038401d5f7995bd0a01eb79d81be3c7b1f4c4b4c6a69dde0a5c28a3e81cd038efc843004310cd2d989cb5
Score

10^/10

masslogger ransomware rezer0 spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MassLogger Main Payload

MassLogger log file

ReZer0 packer

Checks computer location settings

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2