masslogger | 11b51777fe2510a6c9c60058157e5d81a4d70a0c5f91a5360c97cc85a66c9b22 | Triage

Submit
Reports

Overview

overview

Static

static

IMG.exe

windows7_x64

IMG.exe

windows10-2004_x64

6

Sharing

General

Target

11b51777fe2510a6c9c60058157e5d81a4d70a0c5f91a5360c97cc85a66c9b22
Size

1.3MB
Sample

220521-py7ysagcb5
MD5

55a3a3cccb24b740b6544c267be466b1
SHA1

f29a04c59d80351c242c8a674fa4101dcc61162c
SHA256

11b51777fe2510a6c9c60058157e5d81a4d70a0c5f91a5360c97cc85a66c9b22
SHA512

7a52d760133643f0de5dfd0906bcdc59013265c587eff01ff480cf6f7a366f65d582c68183d8067efe04be54a9b24c0792642223a9f696b35fdca9e3857d6f10

Score

10^/10

masslogger collection persistence spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

IMG.exe

Resource

win7-20220414-en

masslogger collection persistence spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

IMG.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.privateemail.com
Port:
587
Username:
[email protected]
Password:
1234567890$$

Targets

- Target
  
  IMG.EXE
- Size
  
  790KB
- MD5
  
  e37eaf4e6ba3f8f3c7ae69fe64fab426
- SHA1
  
  2371f3f0b6f993a6a85016764fc515e21318acd6
- SHA256
  
  686fa9c6fbea4f0c7ef43e699dc0635cde676b7e9b85846543367a0530c36b0d
- SHA512
  
  eb833ba22f65f3dbceaafa87ab0e3f329cd710849dc08e8dd6972e2a291cb7ddceb90daabfa613e6310e18879e762ffaf051a8c10e36fd264b8f58eecf107142
Score

10^/10

masslogger collection persistence spyware stealer suricata
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- suricata: ET MALWARE MASSLOGGER Client Data Exfil (POST)
  suricata: ET MALWARE MASSLOGGER Client Data Exfil (POST)
  suricata
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggercollectionpersistencespywarestealersuricata

behavioral2

© 2018-2025

Terms | Privacy