masslogger

General

Target

7809213c9557db2f152b7b1a259e8ed352ac27270e623d1c780e3cfd32ac14b0
Size

1.3MB
Sample

220521-pjy3bsafdl
MD5

28ef74e90e584394dfa721b8b3c8dccd
SHA1

c22919c141b088be003cf73ab2ddac830e4a5637
SHA256

7809213c9557db2f152b7b1a259e8ed352ac27270e623d1c780e3cfd32ac14b0
SHA512

679da16449bf9d1b2c650d8707bf963bafdc82543b8527bf45ac9ac4c4185e141b47e10447097bd2b7f71aa03b36eea0927c99bc25ac67a1e1ecc056e8b7ae7b

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:32:58 PM MassLogger Started: 5/21/2022 2:32:43 PM Interval: 96 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\OUR_NEW_.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:32:44 PM MassLogger Started: 5/21/2022 2:32:16 PM Interval: 96 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\OUR_NEW_.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  OUR_NEW_.EXE
- Size
  
  766KB
- MD5
  
  2bd29021de1827a18eb2ba749724809a
- SHA1
  
  939c8d922f9fe7f04b1fedeb4032609c83e23fcf
- SHA256
  
  110e9666025176f94b715b77f8677d5eb9049c6a79d61716be8e1646b70b36bb
- SHA512
  
  0ace069a3bafdfb14a7589c1f50dd0fd43ee05da4e5553d5706eef727d77dfaca5995a532a8752e76e45948f343559cf63ae09aa2f432d6e9ee880fa26252dcf
Score

10^/10

masslogger ransomware rezer0 spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MassLogger Main Payload

MassLogger log file

ReZer0 packer

Checks computer location settings

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2