General
Target

46455dab58abbeca83badbb41504561f481dfeac961f86024c51b1d0767e5559

Size

1MB

Sample

220521-pl5mwsfeh8

Score
10/10
MD5

2d954f4b6b5f2997673f7046a936f0a2

SHA1

502fa825a9dbd586696ae05260d18ce9bd67c63f

SHA256

46455dab58abbeca83badbb41504561f481dfeac961f86024c51b1d0767e5559

SHA512

8d825fbd39aa37667227553b4d3d3308074c13dd6355151febf2e257d778fc8e79ae605f903cfea0b981ed531b886afdacfa23b27c845b9b51a99d3c88372625

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 127.0.0.1 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 3:10:11 PM MassLogger Started: 5/21/2022 3:09:52 PM Interval: 96 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\OUR_NEW_.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 3:09:15 PM MassLogger Started: 5/21/2022 3:08:53 PM Interval: 96 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\OUR_NEW_.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:
Targets
Target

OUR_NEW_.EXE

MD5

8f71a7609408e4af8e1bb7b4bd7307a0

Filesize

1MB

Score
10/10
SHA1

2208a70548f67964f48a52df366bd70b5532f6b4

SHA256

4035190e2bab1261203e91970cfdc1f3e13387dcf624ed03f05692e480352fe7

SHA512

9c2cd471748fbb8879cb7d059538a997b6c046f0ad6949238e7d29b667541d7afe225d50f0ff89d87821efeca6fa666e17dfedcc16f4f564b4ac1edc533ec050

Tags

Signatures

  • MassLogger

    Description

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    Tags

  • MassLogger Main Payload

  • MassLogger log file

    Description

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery
  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        Score
                        10/10

                        behavioral1

                        Score
                        10/10

                        behavioral2

                        Score
                        10/10