General

  • Target

    9cb29fc1bad08e18786a11459ccbe677873e450052ad8f8384f980351eff9f3f

  • Size

    725KB

  • Sample

    220521-phjagsfch4

  • MD5

    e60a6594a2946bd43120070cc2de71b8

  • SHA1

    dc43d84f70f5b897221cbcd23d34b97ea80d4b88

  • SHA256

    9cb29fc1bad08e18786a11459ccbe677873e450052ad8f8384f980351eff9f3f

  • SHA512

    659670c32630dfb246e53af014c7468831dfd2d097e5403b8f8e20ec7d3e2be1b704525401ff1ddcdc26bfc52ae4d03035b65833e39b8979b70ab53d5902942c

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt

Family

masslogger

Ransom Note

#################################################################
MassLogger v1.3.4.0
#################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.51
Location: United States
OS: Microsoft Windows 7 Ultimate 64bit
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 1:08:47 PM
MassLogger Started: 5/21/2022 1:08:36 PM
Interval: 2 hour
MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\EEB932C954\Log.txt

Family

masslogger

Ransom Note

#################################################################
MassLogger v1.3.4.0
#################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.13
Location: United States
OS: Microsoft Windows 10 Pro64bit
CPU: Intel Core Processor (Broadwell)
GPU: Microsoft Basic Display Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 3:07:49 PM
MassLogger Started: 5/21/2022 3:07:37 PM
Interval: 2 hour
MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:

Targets

    • Target

      payment_authorization.scr

    • Size

      781KB

    • MD5

      27274675f453b4cdc272d23a984b6302

    • SHA1

      b027a17a65755cdb0dfb6fef0bc9371ccbefd629

    • SHA256

      9e9f06f1259bee66e0a0c2b3b92cb74fe17c06b48ea0781c978c23f7ecfbcf79

    • SHA512

      46fa463542afb5f4fc880bab515d12cfd617df478608874d34e5475337c0aab2934956206aa9b6c80ef75657677c6763b499fc5b3da205730d24314df7ad092b

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks