masslogger

General

Target

8a11b451d016d26d350ad4d913de3af9e8ffa77e945955b26e89d23951ada1e8
Size

798KB
Sample

220525-bl3xeaeac8
MD5

416c6c0776664f4985d665764eb28fbc
SHA1

26cf9f67fd3b9286d71036d2da2d207f2727fe77
SHA256

8a11b451d016d26d350ad4d913de3af9e8ffa77e945955b26e89d23951ada1e8
SHA512

1d488a73781bfe88b4320eda583762cac4bbf7eba7a6842eaca17f444ff4c31713306e66efc2e338d93282a2a9fb772a1ff7779ab9aa88bfcefcdbc58c163b0b

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/25/2022 3:17:58 AM MassLogger Started: 5/25/2022 3:17:51 AM Interval: 1 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\8a11b451d016d26d350ad4d913de3af9e8ffa77e945955b26e89d23951ada1e8.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  8a11b451d016d26d350ad4d913de3af9e8ffa77e945955b26e89d23951ada1e8
- Size
  
  798KB
- MD5
  
  416c6c0776664f4985d665764eb28fbc
- SHA1
  
  26cf9f67fd3b9286d71036d2da2d207f2727fe77
- SHA256
  
  8a11b451d016d26d350ad4d913de3af9e8ffa77e945955b26e89d23951ada1e8
- SHA512
  
  1d488a73781bfe88b4320eda583762cac4bbf7eba7a6842eaca17f444ff4c31713306e66efc2e338d93282a2a9fb772a1ff7779ab9aa88bfcefcdbc58c163b0b
Score

10^/10

masslogger coreentity ransomware rezer0 spyware stealer
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- MassLogger log file
  Detects a log file produced by MassLogger.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CoreEntity .NET Packer

MassLogger Main Payload

MassLogger log file

ReZer0 packer

Checks computer location settings

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2