General

  • Target

    b51aa46feaf11911b980427b7dcb749d154bac7ccdf88b9091dc28a70e428ccc

  • Size

    1.2MB

  • Sample

    220521-pgekxafcc8

  • MD5

    9230815c52d4de6a43e628dceea8f7a8

  • SHA1

    35584c720533d632f683ee00960d9b2246b71767

  • SHA256

    b51aa46feaf11911b980427b7dcb749d154bac7ccdf88b9091dc28a70e428ccc

  • SHA512

    3c7e5e449aa4203c1b11796d9d484663ae51a359dd5342bfca3d697df61dd437e1568b31973f24ddf6f7fb82ce4f5963d69526584d4bf29f56f544f7ff7e2e50

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt

Family

masslogger

Log File (the report labels this field "Ransom Note"; MassLogger is a stealer, not ransomware, and this is the header of the extracted Log.txt)

################################################################# MassLogger v1.3.3.0 #################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.50
Location: United States
OS: Microsoft Windows 10 Pro64bit
CPU: Intel Core Processor (Broadwell)
GPU: Microsoft Basic Display Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 3:07:20 PM
MassLogger Started: 5/21/2022 3:06:43 PM
Interval: 2 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\IMG_6190.scr
As Administrator: True
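The header above is what the "MassLogger log file" signature keys on, and it is also the most useful artifact on this page for a responder: it names the victim account, the external IP the sample resolved, the dropper path and whether it ran elevated. The following triage helper is an added example, not code from the sandbox vendor or from MassLogger. It detects the versioned banner, repairs the flattened one-line form in which the report renders the log (a constructed copy of the text above is embedded as sample input), and extracts the pivot fields. The field labels are the ones visible in the report; the regexes and the indicator layout are this example's own assumptions.

```python
"""Triage helper for the MassLogger Log.txt header shown in the report above.

Added example (not sandbox vendor or MassLogger code). Field labels are those
visible in the extracted log; everything else here is an assumption of this example.
"""
import re
from dataclasses import dataclass

# Field labels exactly as they appear in the extracted Log.txt above.
LOG_KEYS = (
    "User Name", "IP", "Location", "OS", "CPU", "GPU", "AV", "Screen Resolution",
    "Current Time", "MassLogger Started", "Interval", "MassLogger Process",
    "As Administrator",
)
SECTION_MARKER = "### Logger Details ###"

# Banner: a run of '#', the versioned product name, another run of '#'.
BANNER_RE = re.compile(
    r"^#{5,}\s*MassLogger v(?P<version>\d+(?:\.\d+)+)\s*#{5,}\s*$", re.M
)
# One "Key: value" per line; the lazy key stops at the first colon so that
# values containing colons (timestamps, drive letters) stay intact.
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z ]+?):\s*(?P<value>.*?)\s*$", re.M)
# Whitespace immediately before the section marker or a known "Key:" label is
# where line breaks were lost when the report flattened the log onto one line.
SPLIT_RE = re.compile(
    r"\s+(?=(?:" + re.escape(SECTION_MARKER) + "|"
    + "|".join(re.escape(k) + ":" for k in LOG_KEYS) + "))"
)

# Constructed sample: the log text from the report above in its flattened,
# single-line form (the '#' runs are 65 characters wide in the report).
BANNER = "#" * 65
FLATTENED_LOG = (
    f"{BANNER} MassLogger v1.3.3.0 {BANNER} ### Logger Details ### "
    "User Name: Admin IP: 154.61.71.50 Location: United States "
    "OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) "
    "GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 "
    "Current Time: 5/21/2022 3:07:20 PM MassLogger Started: 5/21/2022 3:06:43 PM "
    "Interval: 2 hour MassLogger Process: "
    r"C:\Users\Admin\AppData\Local\Temp\IMG_6190.scr "
    "As Administrator: True"
)


def normalize(text: str) -> str:
    """Restore one field per line; an already well-formed log passes through unchanged."""
    return SPLIT_RE.sub("\n", text.strip())


def is_masslogger_log(text: str) -> bool:
    """Detection: versioned MassLogger banner plus the 'Logger Details' marker."""
    text = normalize(text)
    return BANNER_RE.search(text) is not None and SECTION_MARKER in text


@dataclass
class MassLoggerIndicators:
    version: str        # from the banner, e.g. "1.3.3.0"
    victim_user: str    # "User Name"
    external_ip: str    # "IP" (what the sample learned from the IP lookup service)
    process_path: str   # "MassLogger Process" (the running dropper on disk)
    elevated: bool      # "As Administrator"
    fields: dict        # every parsed "Key: value" pair


def extract_indicators(text: str) -> MassLoggerIndicators:
    """Parse a MassLogger log header (flattened or multi-line) into triage fields."""
    text = normalize(text)
    banner = BANNER_RE.search(text)
    if banner is None or SECTION_MARKER not in text:
        raise ValueError("not a MassLogger log header")
    fields = {m.group("key").strip(): m.group("value") for m in FIELD_RE.finditer(text)}
    return MassLoggerIndicators(
        version=banner.group("version"),
        victim_user=fields.get("User Name", ""),
        external_ip=fields.get("IP", ""),
        process_path=fields.get("MassLogger Process", ""),
        elevated=fields.get("As Administrator", "").lower() == "true",
        fields=fields,
    )


if __name__ == "__main__":
    ind = extract_indicators(FLATTENED_LOG)
    print(f"MassLogger {ind.version} ran as {ind.victim_user} "
          f"(elevated={ind.elevated}) from {ind.process_path}; external IP {ind.external_ip}")
```

Run it on the report text or on a Log.txt recovered from a host; `normalize` is idempotent, so the same parser handles both the sandbox rendering and the file as MassLogger writes it. The `OS`, `CPU` and `GPU` fields are the concrete evidence behind the T1082 (System Information Discovery) entry in the ATT&CK table below.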

Targets

    • Target

      IMG_6190.SCR

    • Size

      732KB

    • MD5

      471c9316ed12a0bd184ac4b4f58a6c46

    • SHA1

      5e94a2f8fdfef1c75298e9b110419c7dc4075bbd

    • SHA256

      b1bbfa891537ee3acffe84ec8a7ebd4537170218372be4727d74c6c31ee4a546

    • SHA512

      32a3d4b514142f5204dfcb4dba5bfed6b2e177bd950024965a4f51bf9bcb1c617e73a61a28e3665f2e06e23dfe99a0f06e9d22e913db669f77e18934b0c6fe60

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic      Technique                       Count   ID
Discovery   Query Registry                  1       T1012
Discovery   System Information Discovery    1       T1082

Tasks