General
Target

0050845afac75af190b0f40bc369a76466bd205c067ec20ea20c9e75b0cfdbf0

Size

809KB

Sample

220521-pqbwdabaar

Score
10/10
MD5

fd5cd4c409df5307366cfe059adba2e8

SHA1

fa1e88a361b84c75564643e1706b3c1125658864

SHA256

0050845afac75af190b0f40bc369a76466bd205c067ec20ea20c9e75b0cfdbf0

SHA512

dbf92b7d4c3ece88ea572e85bb5c5bd32c98a9d2ad8e0285d01f09278325021959d57ae01a5c568e29bf36ae406ee7cceefb7d35c62a28a470e84fb50534875b

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Log File Contents (Log.txt; the extractor labels this field "Ransom Note", but MassLogger is a stealer and this is its status header, not a ransom note)

################################################################# MassLogger v1.3.2.0 #################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.50
Location: United States
OS: Microsoft Windows 7 Ultimate 64bit
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 2:41:15 PM
MassLogger Started: 5/21/2022 2:40:45 PM
Interval: 6 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Daily report 2_pdf.exe
As Administrator: True

Extracted

Credentials (the exfiltration SMTP account embedded in the sample, used to mail logs out; not credentials stolen from the victim)

Protocol: smtp

Host: smtp.yandex.com

Port: 587

Username: exporttaipei@yandex.com

Password: evra12345

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\F95B724EDE\Log.txt

Family

masslogger

Log File Contents (Log.txt; the extractor labels this field "Ransom Note", but MassLogger is a stealer and this is its status header, not a ransom note. Same sample, same start time, second analysis VM running Windows 10)

################################################################# MassLogger v1.3.2.0 #################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.50
Location: United States
OS: Microsoft Windows 10 Pro 64bit
CPU: Intel Core Processor (Broadwell)
GPU: Microsoft Basic Display Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 2:41:23 PM
MassLogger Started: 5/21/2022 2:40:45 PM
Interval: 6 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Daily report 2_pdf.exe
As Administrator: True
Targets
Target

Daily report 2_pdf.exe

MD5

8a1fa311688ba41e6282226bb02d73a2

Filesize

861KB

Score
10/10
SHA1

8ba23c07edef3e0302820c811ae56705665ff12d

SHA256

8bc95f1ba65bf54858a20c62bf09e9e39027f8be74369c25401b5e4503b1b553

SHA512

1e51ee35a7da4fd7ac18c0781772260958f8e7e63694cd4b3b5a6367af34bbe8464b08620b8f2d05840ae5ec7fb1e43dccd9c8e2399ecd2c5e3c0bd791f29a50

Signatures

  • MassLogger

    Description

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

  • MassLogger Main Payload

  • MassLogger log file

    Description

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Description

    Detects ReZer0, a packer with multiple versions used in various campaigns.

  • Checks computer location settings

    Description

    Looks up the country code configured in the registry, most likely as a geofence check (alter or abort execution in certain regions).

    TTPs

    Query Registry
    System Information Discovery
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System
    Credentials in Files
  • Accesses Microsoft Outlook profiles

    TTPs

    Email Collection
  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

    Description

    Rewriting another process's thread context is typically the final step of process-hollowing / RunPE-style injection: the injector overwrites a suspended target's memory, points its primary thread at the new image and resumes it. Seen alongside the ReZer0 packer hit above, this is consistent with the packer unpacking the .NET stealer into a hollowed host process rather than running it in place.
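To turn an extracted Log.txt into structured triage data, the following is an added Python example written for this page; it is this editor's code, not Triage's or MassLogger's. It parses the header fields shown in the two log extracts above, recognises the %TEMP%\<10 hex chars>\Log.txt layout that both extracted paths share (a pattern inferred from this report, not a documented one), and derives a few analyst-facing facts. Reading "Interval" as the period between log sends is an assumption of the example.

```python
"""Parse the MassLogger v1.3.x status header and derive triage facts from it.

Added example for this report; not Triage's or MassLogger's code. The field order
and the hashed-folder log path pattern are inferred from the two Log.txt entries
in the report, not from a MassLogger specification.
"""
import re
from datetime import datetime, timedelta

# The first extracted Log.txt from the report, as the extractor flattened it onto one
# line (the line breaks between fields were lost in extraction).
SAMPLE_LOG = (
    "################################################################# MassLogger v1.3.2.0 "
    "################################################################# ### Logger Details ### "
    "User Name: Admin IP: 154.61.71.50 Location: United States "
    "OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) "
    "GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 "
    "Current Time: 5/21/2022 2:41:15 PM MassLogger Started: 5/21/2022 2:40:45 PM "
    "Interval: 6 hour MassLogger Process: "
    "C:\\Users\\Admin\\AppData\\Local\\Temp\\Daily report 2_pdf.exe As Administrator: True"
)

# Header labels in the order MassLogger writes them (taken from the logs in the report).
# Because the header may arrive flattened, each value is taken to run until the next
# known label; a newline-separated header parses the same way.
FIELDS = [
    "User Name", "IP", "Location", "OS", "CPU", "GPU", "AV", "Screen Resolution",
    "Current Time", "MassLogger Started", "Interval", "MassLogger Process",
    "As Administrator",
]
_LABELS = "|".join(re.escape(f) for f in FIELDS)
FIELD_RE = re.compile(r"(%s):[ \t]*(.*?)\s*(?=(?:%s):|$)" % (_LABELS, _LABELS), re.S)
BANNER_RE = re.compile(r"MassLogger v(\d+(?:\.\d+)+)")

# Assumed path shape: both logs in the report live in %TEMP%\<10 hex chars>\Log.txt.
LOG_PATH_RE = re.compile(r"\\AppData\\Local\\Temp\\[0-9A-F]{10}\\Log\.txt$", re.I)


def parse_masslogger_header(text):
    """Return a dict of header fields plus 'version', or None if the banner is absent."""
    banner = BANNER_RE.search(text)
    if banner is None:
        return None
    fields = {"version": banner.group(1)}
    for label, value in FIELD_RE.findall(text):
        fields[label] = value.strip()
    return fields


def is_masslogger_log_path(path):
    """True if a file path matches the hashed-folder Log.txt layout seen in this report."""
    return LOG_PATH_RE.search(path) is not None


def triage(fields):
    """Derive analyst-facing facts from parsed header fields.

    'next_report_not_before' assumes 'Interval' is the period between log sends
    (consistent with the SMTP exfil config extracted alongside the log); that reading
    is this example's assumption, not something the report states.
    """
    started = datetime.strptime(fields["MassLogger Started"], "%m/%d/%Y %I:%M:%S %p")
    hours = int(fields["Interval"].split()[0])  # "6 hour" -> 6
    proc = fields["MassLogger Process"]
    return {
        "elevated": fields["As Administrator"] == "True",
        "process_name": proc.rsplit("\\", 1)[-1],
        # "Daily report 2_pdf.exe": an .exe dressed up as a PDF in its filename.
        "lure_double_extension": re.search(r"_pdf\.exe$", proc, re.I) is not None,
        "staged_in_temp": "\\AppData\\Local\\Temp\\" in proc,
        "next_report_not_before": (started + timedelta(hours=hours)).isoformat(),
    }


if __name__ == "__main__":
    parsed = parse_masslogger_header(SAMPLE_LOG)
    for key, value in parsed.items():
        print("%-22s %s" % (key, value))
    print(triage(parsed))
```

Run it against any Log.txt recovered from a host; a file whose banner is missing returns None rather than a half-filled dict, so the parser can sit in front of a path check (is_masslogger_log_path) when sweeping user Temp folders.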

MITRE ATT&CK Matrix

Tactic columns present in the report (technique cells did not survive extraction): Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

Score
N/A