masslogger

General

Target

3dece552bae40022a24574f60b1dca098221bc92f04808839928b86e48eedcbd
Size

1.8MB
Sample

220521-pmkn4sffb8
MD5

90be67cd4e708a8080bfebc282966207
SHA1

12a71a6483b1792bdf7091d4b960522b43988692
SHA256

3dece552bae40022a24574f60b1dca098221bc92f04808839928b86e48eedcbd
SHA512

788f1a4b77aa618d634eb9ef08baea270bd8555f7df86456fef64314c3998bfc955c15069355930b016bd8e08ac3b38c18d5fb55a9d8d3df1f8be4335d804716

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 1:09:54 PM MassLogger Started: 5/21/2022 1:09:43 PM Interval: 96 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\781F780B4E\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 1:09:39 PM MassLogger Started: 5/21/2022 1:09:36 PM Interval: 96 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  PAGO_25_.EXE
- Size
  
  1.2MB
- MD5
  
  94f2908697b9f698d5634f675dc6a5c8
- SHA1
  
  9e6e83f145c01bedd3ef800b16e675d990f9d39e
- SHA256
  
  79789ad11d75901af6b26bcb620abc4db6c1391c00544bf6d293760f98c3df76
- SHA512
  
  042c67a7da5cdff3e159d918bb8fdde12d6b5d176e9b51460d4703ed68b33562c58d98cd140064fae4f336196a0e23efe78545f7bd621f77c305516b78b96ce5
Score

10^/10

masslogger agilenet ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MassLogger Main Payload

MassLogger log file

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2