829578ed964e4efeb78499514a145cb2886dcc5ffb769c836981919e6d53949f

General
Target

829578ed964e4efeb78499514a145cb2886dcc5ffb769c836981919e6d53949f

Size

658KB

Sample

220521-pv1qasbcdp

Score
10 /10
MD5

c54f679d81ba63e0b112d936a299bf78

SHA1

378ad468459916391f119c7cb0955c167b295b68

SHA256

829578ed964e4efeb78499514a145cb2886dcc5ffb769c836981919e6d53949f

SHA512

6e924f93a2a49e13ebddb6699a311a9c0b4b07e9fa25b71e1eee5b547465443584a78529359b916a70169c8ba18f098f44a33ecd07003d9a54695ce427947ce5

Malware Config

Extracted

Path C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt
Family masslogger
Ransom Note
################################################################# MassLogger v2.0.0.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:48:00 PM MassLogger Started: 5/21/2022 2:47:49 PM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\deiUUj8mpdyf36k.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:
Targets
Target

deiUUj8mpdyf36k.exe

MD5

4c2978004f201c8a9d8f86ba5a00be29

Filesize

691KB

Score
10/10
SHA1

06610092027ca2632d771a228d36358b77c8bd65

SHA256

43756195653d9b20db70b3b2700d6ece0e927da322db216d12e6eeb6af316f3f

SHA512

bf5328040efaafce37bc3df6a3ec4979857b34a7f83763ee333e0ee583efdc8d7b7d7d80f6ffa21aa25f22585f2d89c07e24dc9b2140fd73f4d070d33ee630ec

Tags

Signatures

  • MassLogger

    Description

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    Tags

  • MassLogger log file

    Description

    Detects a log file produced by MassLogger.

  • Looks for VirtualBox Guest Additions in registry

    Tags

    TTPs

    Query RegistryVirtualization/Sandbox Evasion
  • Looks for VMWare Tools registry key

    Tags

    TTPs

    Query RegistryVirtualization/Sandbox Evasion
  • Checks BIOS information in registry

    Description

    BIOS information is often read in order to detect sandboxing environments.

    TTPs

    Query RegistrySystem Information Discovery
  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Accesses Microsoft Outlook profiles

    Tags

    TTPs

    Email Collection
  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry

    Description

    Disk information is often read in order to detect sandboxing environments.

    TTPs

    Query RegistryPeripheral Device DiscoverySystem Information Discovery
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Persistence
              Privilege Escalation
                Tasks

                static1

                behavioral2

                9/10