General
Target

7809213c9557db2f152b7b1a259e8ed352ac27270e623d1c780e3cfd32ac14b0

Size

1MB

Sample

220521-pjy3bsafdl

Score
10/10
MD5

28ef74e90e584394dfa721b8b3c8dccd

SHA1

c22919c141b088be003cf73ab2ddac830e4a5637

SHA256

7809213c9557db2f152b7b1a259e8ed352ac27270e623d1c780e3cfd32ac14b0

SHA512

679da16449bf9d1b2c650d8707bf963bafdc82543b8527bf45ac9ac4c4185e141b47e10447097bd2b7f71aa03b36eea0927c99bc25ac67a1e1ecc056e8b7ae7b

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:32:58 PM MassLogger Started: 5/21/2022 2:32:43 PM Interval: 96 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\OUR_NEW_.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:32:44 PM MassLogger Started: 5/21/2022 2:32:16 PM Interval: 96 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\OUR_NEW_.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:
Targets
Target

OUR_NEW_.EXE

MD5

2bd29021de1827a18eb2ba749724809a

Filesize

766KB

Score
10/10
SHA1

939c8d922f9fe7f04b1fedeb4032609c83e23fcf

SHA256

110e9666025176f94b715b77f8677d5eb9049c6a79d61716be8e1646b70b36bb

SHA512

0ace069a3bafdfb14a7589c1f50dd0fd43ee05da4e5553d5706eef727d77dfaca5995a532a8752e76e45948f343559cf63ae09aa2f432d6e9ee880fa26252dcf

Tags

Signatures

  • MassLogger

    Description

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    Tags

  • MassLogger Main Payload

  • MassLogger log file

    Description

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Description

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    Tags

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery
  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        Score
                        N/A

                        behavioral2

                        Score
                        10/10