masslogger

General

Target

af7ebebf226dc4b89e0e45888a5ffba6e736fdf81e0517d62e5dfb94ba460410
Size

906KB
Sample

220524-tmekbahah2
MD5

e48eb454f48bc4aeb237092a17f025c6
SHA1

e93ee3308fb56b8c52c298b702fa9198e4e22fc9
SHA256

af7ebebf226dc4b89e0e45888a5ffba6e736fdf81e0517d62e5dfb94ba460410
SHA512

7a1340de52912bab746d610405543f66eb9a478c5f6b5503df3b4104f5ced8f3104ead75365591855c10eb0949e65d7d5749ecc562048cb5b8343ffb7ce3f982

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/24/2022 6:44:38 PM MassLogger Started: 5/24/2022 6:44:31 PM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\af7ebebf226dc4b89e0e45888a5ffba6e736fdf81e0517d62e5dfb94ba460410.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  af7ebebf226dc4b89e0e45888a5ffba6e736fdf81e0517d62e5dfb94ba460410
- Size
  
  906KB
- MD5
  
  e48eb454f48bc4aeb237092a17f025c6
- SHA1
  
  e93ee3308fb56b8c52c298b702fa9198e4e22fc9
- SHA256
  
  af7ebebf226dc4b89e0e45888a5ffba6e736fdf81e0517d62e5dfb94ba460410
- SHA512
  
  7a1340de52912bab746d610405543f66eb9a478c5f6b5503df3b4104f5ced8f3104ead75365591855c10eb0949e65d7d5749ecc562048cb5b8343ffb7ce3f982
Score

10^/10

masslogger coreentity ransomware spyware stealer
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CoreEntity .NET Packer

MassLogger log file

Checks computer location settings

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2