masslogger | ee6e83dfe95c0dad3b4b307c81e5e590e455e49dca6858a34e274e88e079944f | Triage

Submit
Reports

Overview

overview

Static

static

Company profile.exe

windows7_x64

Company profile.exe

windows10-2004_x64

1

Sharing

General

Target

ee6e83dfe95c0dad3b4b307c81e5e590e455e49dca6858a34e274e88e079944f
Size

670KB
Sample

220521-xj791abhd7
MD5

95d9f2c6843b9cc5171cffa241a1144c
SHA1

498d69e15743f7d4d71b0270b12f7d50aae69050
SHA256

ee6e83dfe95c0dad3b4b307c81e5e590e455e49dca6858a34e274e88e079944f
SHA512

5b1d48adc2a0e75b17fe9fe13d93257620c7598455977c95ffb3b2146f2af7f5715242209c0bde8b1abf629731e61a236cea8621ad9d614dd6bf7d6075b75e2a

Score

10^/10

masslogger collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Company profile.exe

Resource

win7-20220414-en

masslogger collection spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Company profile.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Company profile.exe
- Size
  
  716KB
- MD5
  
  16f704634dd7855cf929214dfaeaa9e8
- SHA1
  
  e7af55b75a431c30265b7a63162611c44cfef296
- SHA256
  
  e4e29eef439bf36287f9dc660155697cc2d227fbccd34d95a8b59c5451ba5287
- SHA512
  
  8472440832759e87529151606aecc9cf4696f51c32cf4b9d6b338283bc6c937b0755dd945faa73baf36df1786030042a97883178f0d50db1fa57d160b12761a9
Score

10^/10

masslogger collection spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

massloggercollectionspywarestealer

behavioral2

© 2018-2024

Terms | Privacy