Overview

overview

10

Static

static

IMG_6110.scr

windows7_x64

10

IMG_6110.scr

windows10-2004_x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4c8b0678d48632fa7a7ee87c0350c90a0b46b31e8a46fc701a932880a18fe878

  • Size

    1.4MB

  • Sample

    220521-plt66aagbn

  • MD5

    c687540f6218d75fbe3faff438d8a4cf

  • SHA1

    1a480afd41d10ae29a6d38b1a5c135edde6c1a09

  • SHA256

    4c8b0678d48632fa7a7ee87c0350c90a0b46b31e8a46fc701a932880a18fe878

  • SHA512

    3bccb8ac995a1438985b527443e3d5373f0858a647260d7bf3c8c605659fe96fb96e2169fd93b5b42d40e3de65ecff0b9f6c9b96b2cff0792ac85242412609e6

Score
10/10
massloggercoreentityransomwarerezer0spywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 12:35:28 PM MassLogger Started: 5/21/2022 12:35:21 PM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\IMG_6110.scr MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

    • Target

      IMG_6110.SCR

    • Size

      920KB

    • MD5

      a7f29df168c669851c1979dbc41c95b2

    • SHA1

      46d9da6397c063544cdd8dc9b9f8a65142aefa40

    • SHA256

      bc6a63b07a18d95278dee0e0d77c1e91d4a80bfca9732f030ce069894f610b14

    • SHA512

      79c92ba1352bff8f8f705b325a91196c867d45939ecf2bafac386c192637990d8a212d52b31bfb249794c28c1d1bee0c663ba827983b2fbb803271ca3446d0c6

    Score
    10/10
    massloggercoreentityransomwarerezer0spywarestealer

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

      coreentity

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks