masslogger

General

Target

ce99da148d885ef2d3cd8d06a67f51d41faf2ba8aa32c26ce341a9783b9c2180
Size

736KB
Sample

220524-r6zy9aafcp
MD5

763d190b27f711f4af6716f60ce0fccd
SHA1

43a5ed2fceb7c0556fd6580dab8147f522872182
SHA256

ce99da148d885ef2d3cd8d06a67f51d41faf2ba8aa32c26ce341a9783b9c2180
SHA512

86ee5d1701919d4c0eb249f578986c1ea397f3baa16a4a06c79f5a06f05dd7a4ad0ebe82b18ab105af8892171d00b2477f3c81b54ebed69e2fc078fb05b8a369

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/24/2022 5:28:48 PM MassLogger Started: 5/24/2022 5:28:37 PM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\ce99da148d885ef2d3cd8d06a67f51d41faf2ba8aa32c26ce341a9783b9c2180.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  ce99da148d885ef2d3cd8d06a67f51d41faf2ba8aa32c26ce341a9783b9c2180
- Size
  
  736KB
- MD5
  
  763d190b27f711f4af6716f60ce0fccd
- SHA1
  
  43a5ed2fceb7c0556fd6580dab8147f522872182
- SHA256
  
  ce99da148d885ef2d3cd8d06a67f51d41faf2ba8aa32c26ce341a9783b9c2180
- SHA512
  
  86ee5d1701919d4c0eb249f578986c1ea397f3baa16a4a06c79f5a06f05dd7a4ad0ebe82b18ab105af8892171d00b2477f3c81b54ebed69e2fc078fb05b8a369
Score

10^/10

masslogger ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MassLogger log file

Checks computer location settings

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2