Description
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
7809213c9557db2f152b7b1a259e8ed352ac27270e623d1c780e3cfd32ac14b0
1MB
220521-pjy3bsafdl
Path | C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt |
Family | masslogger |
Ransom Note |
#################################################################
MassLogger v1.3.4.0
#################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.50
Location: United States
OS: Microsoft Windows 7 Ultimate 64bit
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 2:32:58 PM
MassLogger Started: 5/21/2022 2:32:43 PM
Interval: 96 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\OUR_NEW_.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
|
Path | C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt |
Family | masslogger |
Ransom Note |
#################################################################
MassLogger v1.3.4.0
#################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.50
Location: United States
OS: Microsoft Windows 10 Pro64bit
CPU: Intel Core Processor (Broadwell)
GPU: Microsoft Basic Display Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 2:32:44 PM
MassLogger Started: 5/21/2022 2:32:16 PM
Interval: 96 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\OUR_NEW_.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
|
OUR_NEW_.EXE
766KB
Detects a log file produced by MassLogger.
Detects ReZer0, a packer with multiple versions used in various campaigns.
Looks up country code configured in the registry, likely geofence.
Uses a legitimate IP lookup service to find the infected system's external IP.