masslogger

General

Target

affd41df487700a59f27d10e8a52a4fe7f10907f7bbf3f11d1e8b26e8435384d
Size

1.3MB
Sample

220521-pgnhtaaebq
MD5

6b79d4c24e288805fcd3f4c91a933b40
SHA1

8b14193350518e068ea3dc4df569c1c16fda4f19
SHA256

affd41df487700a59f27d10e8a52a4fe7f10907f7bbf3f11d1e8b26e8435384d
SHA512

beecadca4246d6bbaa678483b82da5d8320ccec0d21789a2b7a1a0bc0208db0483f3f30c5ecd626ca8e427c018b712dbee5a01f7a251689f343304dfee20139b

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:31:10 PM MassLogger Started: 5/21/2022 2:30:59 PM Interval: 96 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\SKBMT__B.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:30:05 PM MassLogger Started: 5/21/2022 2:29:50 PM Interval: 96 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\SKBMT__B.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  SKBMT__B.EXE
- Size
  
  807KB
- MD5
  
  848160f98c9f8649b24e626a9b2b771c
- SHA1
  
  0f9b15af9c94d497979efc1ad64e81ce89a8ed76
- SHA256
  
  4e232298aee519176835a2da80f0a04ac027ac235a5b5ea51974c66318b59245
- SHA512
  
  235f7516b632632a79994cc7d35a725a141d88f301d63c40d4c68ed225075769e2aae6f2d5671c638c002d1ad136e718534517e17d4a206391e40e63610db242
Score

10^/10

masslogger ransomware rezer0 spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MassLogger Main Payload

MassLogger log file

ReZer0 packer

Checks computer location settings

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2