General

  • Target

    46455dab58abbeca83badbb41504561f481dfeac961f86024c51b1d0767e5559

  • Size

    1.8MB

  • Sample

    220521-pl5mwsfeh8

  • MD5

    2d954f4b6b5f2997673f7046a936f0a2

  • SHA1

    502fa825a9dbd586696ae05260d18ce9bd67c63f

  • SHA256

    46455dab58abbeca83badbb41504561f481dfeac961f86024c51b1d0767e5559

  • SHA512

    8d825fbd39aa37667227553b4d3d3308074c13dd6355151febf2e257d778fc8e79ae605f903cfea0b981ed531b886afdacfa23b27c845b9b51a99d3c88372625

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 127.0.0.1 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 3:10:11 PM MassLogger Started: 5/21/2022 3:09:52 PM Interval: 96 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\OUR_NEW_.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 3:09:15 PM MassLogger Started: 5/21/2022 3:08:53 PM Interval: 96 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\OUR_NEW_.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

    • Target

      OUR_NEW_.EXE

    • Size

      1.3MB

    • MD5

      8f71a7609408e4af8e1bb7b4bd7307a0

    • SHA1

      2208a70548f67964f48a52df366bd70b5532f6b4

    • SHA256

      4035190e2bab1261203e91970cfdc1f3e13387dcf624ed03f05692e480352fe7

    • SHA512

      9c2cd471748fbb8879cb7d059538a997b6c046f0ad6949238e7d29b667541d7afe225d50f0ff89d87821efeca6fa666e17dfedcc16f4f564b4ac1edc533ec050

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks