Overview

overview

10

Static

static

Scan_DSV_0...DF.exe

windows7_x64

1

Scan_DSV_0...DF.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    71125e371affeea3c44aaf8aabb2b06e8e5f9af1b7fcd60686444b9d64b3b774

  • Size

    880KB

  • Sample

    220521-pwh7msgag4

  • MD5

    085f61247a34c408c5a21c43a7062c98

  • SHA1

    417dd230a965865c4b28723519b632e3ba72949d

  • SHA256

    71125e371affeea3c44aaf8aabb2b06e8e5f9af1b7fcd60686444b9d64b3b774

  • SHA512

    c8816d914a59b7c14ad52ae6ef6903e26145828b2d4db03f89feea142bcc85224e48d86a54c83e229cf9a8993f4c1225efa1d688783a480f2471eaaa326e421e

Score
10/10
massloggercollectionransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\19E979543A\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 3:16:29 PM MassLogger Started: 5/21/2022 3:16:25 PM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Scan_DSV_03072020_038465318631_PDF.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.ru
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    whayasaynewnew

Targets

    • Target

      Scan_DSV_03072020_038465318631_PDF.exe

    • Size

      820KB

    • MD5

      7e3ce66bf8cca74b5a5339d9f2b8aeeb

    • SHA1

      5a57f3abe3e6105207ece6f3fd1e830e2c341868

    • SHA256

      c4349d30167ec1dfd9c70454c3f91a5ac21d52d433c093391462bc3f995e7781

    • SHA512

      5f4bca15864f1d1830e86bd0af9659921ca00178aacc19c9f7dd344a16b5bc77bd067c6c8e3fb3fb4615592ea52de6b981054af24729fe76f79e7db5c4ac23c8

    Score
    10/10
    massloggercollectionransomwarespywarestealer

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger Main Payload

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks