masslogger

General

Target

1a2ad007a5eea810965e4d2f188c7f483f16486757f58bbd1b26ad077d4329b2
Size

874KB
Sample

220521-pnw4jaffg9
MD5

0d6999f4c142774c1150b29a82afb0a5
SHA1

d56b07676ada903f17e53b053f455764508db3fd
SHA256

1a2ad007a5eea810965e4d2f188c7f483f16486757f58bbd1b26ad077d4329b2
SHA512

69a76f22915955fb4f2044d436e039dda8e1c9a145f071fcf65bb829aef014c6bc1c779c4d0eb239ab55df653a2714584c7cdc9860287016fe3aeff108a40f8b

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 3:09:42 PM MassLogger Started: 5/21/2022 3:09:24 PM Interval: 1 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\0909000000000080.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 3:09:42 PM MassLogger Started: 5/21/2022 3:09:25 PM Interval: 1 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\0909000000000080.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  0909000000000080.exe
- Size
  
  994KB
- MD5
  
  902795af5618d964c0f4c9f1dc286abf
- SHA1
  
  e60bb6c13241a24cf6d65dd57d1fa92c56cf6ee8
- SHA256
  
  69a3a2bc5ad99e27fad0546f6cf90ca633dc971979987314b0032e1eb67f1a3b
- SHA512
  
  68df80c5f0f379ecc92f220fa9a4b7a20b5463fe25c0a813f23118b32957850902d5e8afaf788545f10399b01d237711fbd8df7c5755b9193145f186f0d46e37
Score

10^/10

masslogger collection persistence ransomware spyware stealer
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2