Description
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
General
Target
Size
Sample
0b1e16ec3b9df30065ab12858d60db441afa2ad9f96e9a32e1f6c94eb675c71c
676KB
220521-ppntjsahgn
Score
10/10
MD5
SHA1
SHA256
SHA512
26d15bf678633c5fd4c87c3a7f022474
7f72d275b52e5775960ba5169b2fa956542cd53b
0b1e16ec3b9df30065ab12858d60db441afa2ad9f96e9a32e1f6c94eb675c71c
6ced1d9dc47c27ef00a91323d86220d3f1697b5569437991d544a9c1d2e61cee16e49ad711923a9b85fad75352e1b3e44fdf30d1aafe8d3cd3f8f52472d42cd0
Malware Config
Extracted
| Path | C:\Users\Admin\AppData\Local\Temp\79FE0CC911\Log.txt |
| Family | masslogger |
| Ransom Note |
#################################################################
MassLogger v2.0.0.0
#################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.51
Location: United States
Windows OS: Microsoft Windows 7 Ultimate 64bit
Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 12:38:52 PM
MassLogger Started: 5/21/2022 12:38:41 PM
Interval: 2 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\RFQ #031-24062020.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
|
Extracted
| Credentials |
Protocol: smtp Host: mail.privateemail.com Port: 587 Username: binu@metalfabme.icu Password: @Brazil20,, |
Extracted
| Path | C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt |
| Family | masslogger |
| Ransom Note |
#################################################################
MassLogger v2.0.0.0
#################################################################
### Logger Details ###
User Name: Admin
IP: 127.0.0.1
Location: United States
Windows OS: Microsoft Windows 10 Pro 64bit
Windows Serial Key: W269N-WFGWX-YVC9B-4J6C9-T83GX
CPU: Intel Core Processor (Broadwell)
GPU: Microsoft Basic Display Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 2:39:54 PM
MassLogger Started: 5/21/2022 2:39:41 PM
Interval: 2 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\RFQ #031-24062020.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
|
Targets
Target
MD5
Filesize
RFQ #031-24062020.exe
4400d1b5d0c379b8e5dade14b3346569
729KB
Score
10/10
SHA1
SHA256
SHA512
5d7a1f8777069ac6462cdcd7aaa885b10e23472f
851f1641fb283113cc5feb03c807bc82dc4d85ecd22ab8ff091a8edd71bb45ed
75a275fda65c52cc831fc4750aecfc23408c86db5e0532566701902c32ac3807a918a89286f3ff795173c0af7cc5cf8e5c63a3c61fbc5762ed0cfe3d89386dd6
Tags
Signatures
-
MassLogger
-
MassLogger log file
Description
Detects a log file produced by MassLogger.
-
ReZer0 packer
Description
Detects ReZer0, a packer with multiple versions used in various campaigns.
Tags
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Accesses Microsoft Outlook profiles
Tags
TTPs
-
Looks up external IP address via web service
Description
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
10/10
behavioral2
Score
10/10