General
Target

1a2ad007a5eea810965e4d2f188c7f483f16486757f58bbd1b26ad077d4329b2

Size

874KB

Sample

220521-pnw4jaffg9

Score
10/10
MD5

0d6999f4c142774c1150b29a82afb0a5

SHA1

d56b07676ada903f17e53b053f455764508db3fd

SHA256

1a2ad007a5eea810965e4d2f188c7f483f16486757f58bbd1b26ad077d4329b2

SHA512

69a76f22915955fb4f2044d436e039dda8e1c9a145f071fcf65bb829aef014c6bc1c779c4d0eb239ab55df653a2714584c7cdc9860287016fe3aeff108a40f8b

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

Family

masslogger

Ransom Note (sandbox field label; the extracted text is a MassLogger log header, not a ransom note)

#################################################################
MassLogger v1.3.5.0
#################################################################

### Logger Details ###
User Name: Admin
IP: 154.61.71.50
Location: United States
OS: Microsoft Windows 7 Ultimate 64bit
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 3:09:42 PM
MassLogger Started: 5/21/2022 3:09:24 PM
Interval: 1 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\0909000000000080.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\8236ADF044\Log.txt

Family

masslogger

Ransom Note (sandbox field label; the extracted text is a MassLogger log header, not a ransom note)

#################################################################
MassLogger v1.3.5.0
#################################################################

### Logger Details ###
User Name: Admin
IP: 154.61.71.50
Location: United States
OS: Microsoft Windows 10 Pro 64bit
CPU: Intel Core Processor (Broadwell)
GPU: Microsoft Basic Display Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 3:09:42 PM
MassLogger Started: 5/21/2022 3:09:25 PM
Interval: 1 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\0909000000000080.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
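The two extracted Log.txt headers above are the most useful triage material on this report: they carry the build version, the victim's public IP, the running process path and the operator's configuration (Melt, Exit after delivery, elevation). The following Python is an added example, not part of the sandbox report and not MassLogger's own code. It parses that header layout into fields and derives triage flags from it. The banner and field labels are copied from this page; the sample text is the first extracted header as printed here (the report cut it off after "Processes:"); the assumption that the drop directory is always ten upper-case hex characters is generalised from the two paths on this page, and the function names are the example's own.

```python
import re

# Constructed sample: the first MassLogger log header recovered by the sandbox
# (copied from the "Malware Config" section of this report). The report cut the
# text off after "Processes:", so that field is empty here as well.
SAMPLE_LOG = (
    "################################################################# "
    "MassLogger v1.3.5.0 "
    "################################################################# "
    "### Logger Details ### "
    "User Name: Admin IP: 154.61.71.50 Location: United States "
    "OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) "
    "GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 "
    "Current Time: 5/21/2022 3:09:42 PM MassLogger Started: 5/21/2022 3:09:24 PM "
    "Interval: 1 hour "
    "MassLogger Process: C:\\Users\\Admin\\AppData\\Local\\Temp\\0909000000000080.exe "
    "MassLogger Melt: false MassLogger Exit after delivery: false "
    "As Administrator: True Processes:"
)

# Field labels exactly as they appear in the "Logger Details" block on this
# page. Values contain spaces and colons (paths, timestamps), so the text is
# split on these known labels rather than on ':'.
FIELDS = [
    "User Name", "IP", "Location", "OS", "CPU", "GPU", "AV", "Screen Resolution",
    "Current Time", "MassLogger Started", "Interval", "MassLogger Process",
    "MassLogger Melt", "MassLogger Exit after delivery", "As Administrator",
    "Processes",
]

BANNER_RE = re.compile(r"MassLogger v(\d+(?:\.\d+)+)")
# Longest labels first so a longer label is never pre-empted by a shorter
# alternative; the lookbehind requires the label to start a whitespace token.
FIELD_RE = re.compile(
    r"(?<!\S)(" + "|".join(re.escape(f) for f in sorted(FIELDS, key=len, reverse=True)) + r"):"
)

# Assumption for this example: the drop directory is ten upper-case hex chars,
# as in the two paths on this page (3B8E3C2477 and 8236ADF044).
LOG_PATH_RE = re.compile(r"\\AppData\\Local\\Temp\\[0-9A-F]{10}\\Log\.txt$", re.IGNORECASE)


def is_masslogger_log(text):
    """True when the text carries the version banner and the details header."""
    return BANNER_RE.search(text) is not None and "### Logger Details ###" in text


def parse_logger_details(text):
    """Return the header as a dict (plus "Version"), or None if not MassLogger."""
    banner = BANNER_RE.search(text)
    if banner is None:
        return None
    details = {"Version": banner.group(1)}
    hits = list(FIELD_RE.finditer(text))
    for i, hit in enumerate(hits):
        # Each value runs from the end of its label to the start of the next label.
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        details[hit.group(1)] = text[hit.end():end].strip()
    return details


def triage_flags(details):
    """Operator-relevant settings derived from a parsed header."""
    def is_true(key):
        return details.get(key, "").strip().lower() == "true"
    return {
        "runs_elevated": is_true("As Administrator"),
        # Melt=true would mean the binary deletes itself after start-up.
        "self_deletes": is_true("MassLogger Melt"),
        # Exit after delivery=false means the logger keeps running and keeps
        # re-reporting at the configured interval after the first upload.
        "stays_resident": details.get("MassLogger Exit after delivery", "").strip().lower() == "false",
        "interval": details.get("Interval"),
        "process_path": details.get("MassLogger Process"),
        "victim_ip": details.get("IP"),
    }


def is_masslogger_log_path(path):
    """Match the %LOCALAPPDATA%\\Temp\\<hex>\\Log.txt layout seen in this report."""
    return LOG_PATH_RE.search(path) is not None


if __name__ == "__main__":
    parsed = parse_logger_details(SAMPLE_LOG)
    for key, value in parsed.items():
        print(f"{key}: {value}")
    print(triage_flags(parsed))
```

Run against a recovered Log.txt, the flags tell an incident responder whether the sample ran elevated, whether the dropper still exists on disk (Melt) and whether the logger is expected to still be resident and beaconing at the stated interval; the process path and the Temp\<hex>\Log.txt layout are the host artefacts to sweep for.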
Targets
Target

0909000000000080.exe

MD5

902795af5618d964c0f4c9f1dc286abf

Filesize

994KB

Score
10/10
SHA1

e60bb6c13241a24cf6d65dd57d1fa92c56cf6ee8

SHA256

69a3a2bc5ad99e27fad0546f6cf90ca633dc971979987314b0032e1eb67f1a3b

SHA512

68df80c5f0f379ecc92f220fa9a4b7a20b5463fe25c0a813f23118b32957850902d5e8afaf788545f10399b01d237711fbd8df7c5755b9193145f186f0d46e37

Signatures

  • Contains code to disable Windows Defender

    Description

    A .NET executable that disables Windows Defender capabilities such as real-time monitoring and Block at First Sight.

  • MassLogger

    Description

    MassLogger is a .NET stealer that harvests saved passwords from web browsers, email clients and cryptocurrency wallets.

  • MassLogger Main Payload

  • MassLogger log file

    Description

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Description

    Looks up the country code configured in the registry, most likely as a geofence check before running.

    TTPs

    Query Registry, System Information Discovery
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System, Credentials in Files
  • Accesses Microsoft Outlook profiles

    TTPs

    Email Collection
  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry
  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

    Description

    SetThreadContext rewrites the register state of a (typically suspended) thread so that it resumes at attacker-chosen code; in a .NET stealer this usually means process hollowing or another form of process injection.

MITRE ATT&CK Matrix

Tactic columns listed on the report: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation. The technique-level mapping is given in the TTPs fields of the signatures above.