General

Target: 9cb29fc1bad08e18786a11459ccbe677873e450052ad8f8384f980351eff9f3f
Size: 725KB
Sample: 220521-phjagsfch4
Score: 10/10
MD5: e60a6594a2946bd43120070cc2de71b8
SHA1: dc43d84f70f5b897221cbcd23d34b97ea80d4b88
SHA256: 9cb29fc1bad08e18786a11459ccbe677873e450052ad8f8384f980351eff9f3f
SHA512: 659670c32630dfb246e53af014c7468831dfd2d097e5403b8f8e20ec7d3e2be1b704525401ff1ddcdc26bfc52ae4d03035b65833e39b8979b70ab53d5902942c

Malware Config

Extracted
Path: C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt
Family: masslogger
Ransom Note:
    #################################################################
    MassLogger v1.3.4.0
    #################################################################
    ### Logger Details ###
    User Name: Admin
    IP: 154.61.71.51
    Location: United States
    OS: Microsoft Windows 7 Ultimate 64bit
    CPU: Intel Core Processor (Broadwell)
    GPU: Standard VGA Graphics Adapter
    AV: NA
    Screen Resolution: 1280x720
    Current Time: 5/21/2022 1:08:47 PM
    MassLogger Started: 5/21/2022 1:08:36 PM
    Interval: 2 hour
    MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
    MassLogger Melt: false
    MassLogger Exit after delivery: false
    As Administrator: True
    Processes:

Extracted
Path: C:\Users\Admin\AppData\Local\Temp\EEB932C954\Log.txt
Family: masslogger
Ransom Note:
    #################################################################
    MassLogger v1.3.4.0
    #################################################################
    ### Logger Details ###
    User Name: Admin
    IP: 154.61.71.13
    Location: United States
    OS: Microsoft Windows 10 Pro64bit
    CPU: Intel Core Processor (Broadwell)
    GPU: Microsoft Basic Display Adapter
    AV: NA
    Screen Resolution: 1280x720
    Current Time: 5/21/2022 3:07:49 PM
    MassLogger Started: 5/21/2022 3:07:37 PM
    Interval: 2 hour
    MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
    MassLogger Melt: false
    MassLogger Exit after delivery: false
    As Administrator: True
    Processes:
Targets

Target: payment_authorization.scr
MD5: 27274675f453b4cdc272d23a984b6302
Filesize: 781KB
Score: 10/10
SHA1: b027a17a65755cdb0dfb6fef0bc9371ccbefd629
SHA256: 9e9f06f1259bee66e0a0c2b3b92cb74fe17c06b48ea0781c978c23f7ecfbcf79
SHA512: 46fa463542afb5f4fc880bab515d12cfd617df478608874d34e5475337c0aab2934956206aa9b6c80ef75657677c6763b499fc5b3da205730d24314df7ad092b

Signatures

  • MassLogger
    Description: Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

  • MassLogger Main Payload

  • MassLogger log file
    Description: Detects a log file produced by MassLogger.

  • ReZer0 packer
    Description: Detects ReZer0, a packer with multiple versions used in various campaigns.

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
Score: N/A

behavioral2
Score: 10/10