Description
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
General
Target
Size
Sample
d8f1ff7249279c3a492eea283f2d88e32135e8683338b5d416e58a5c32554cc7
790KB
220521-pr6r5sfhe6
Score
10/10
MD5
SHA1
SHA256
SHA512
8176a27a6c8ef7232df4b90267427fa6
c90ae7b2bf85b4e525053b2abaa3ece27d7e73a7
d8f1ff7249279c3a492eea283f2d88e32135e8683338b5d416e58a5c32554cc7
638153b3573f2d020f2e3df50f309d3855f71e380afec817186a1a06e920192ab4162a9f1a037098c113642dbe989117f9bb97ae6022727e106563d359860065
Malware Config
Extracted
| Path | C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt |
| Family | masslogger |
| Ransom Note |
#################################################################
MassLogger v1.3.7.1
#################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.50
Location: United States
Windows OS: Microsoft Windows 7 Ultimate 64bit
Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 3:13:37 PM
MassLogger Started: 5/21/2022 3:13:26 PM
Interval: 9 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Request for new order.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
|
Extracted
| Path | C:\Users\Admin\AppData\Local\Temp\0F48153F20\Log.txt |
| Family | masslogger |
| Ransom Note |
#################################################################
MassLogger v1.3.7.1
#################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.51
Location: United States
Windows OS: Microsoft Windows 10 Pro64bit
Windows Serial Key: W269N-WFGWX-YVC9B-4J6C9-T83GX
CPU: Intel Core Processor (Broadwell)
GPU: Microsoft Basic Display Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 5/21/2022 1:13:59 PM
MassLogger Started: 5/21/2022 1:13:56 PM
Interval: 9 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Request for new order.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
|
Targets
Target
MD5
Filesize
Request for new order.exe
f6e60d4e007049b18de4fb87c38927c3
875KB
Score
10/10
SHA1
SHA256
SHA512
bba2fcd204840b1235dea163bbfeae3a59e3b763
495fdf3a95e1f56f9ec94bfdcdafe87a41be371947f24853c18cc98b24a6a281
a46e7a014a3dd577a5e9d7976845185c1f45c6c321bf8cd3c364576afbdccbe0fca7b0057f63e13416c81a60a0e63bce9c2e4ce5b26801cb179a4e6a6c62b5c3
Tags
Signatures
-
MassLogger
-
MassLogger Main Payload
-
MassLogger log file
Description
Detects a log file produced by MassLogger.
-
Modifies visibility of file extensions in Explorer
Tags
TTPs
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Accesses Microsoft Outlook profiles
Tags
TTPs
-
Looks up external IP address via web service
Description
Uses a legitimate IP lookup service to find the infected system's external IP.
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
10/10
behavioral2
Score
10/10