masslogger

General

Target

81982f45f90c69f5fbdf0bb34273a99c1a9d1d8b1b51a307cb4b3dfa829bae62
Size

495KB
Sample

220525-bl7klahgap
MD5

23060ccfc90d21321420bda396ce8f8e
SHA1

69239688b9089a3ba073bf88e0fc60c9bbe0efcc
SHA256

81982f45f90c69f5fbdf0bb34273a99c1a9d1d8b1b51a307cb4b3dfa829bae62
SHA512

a45c413e5cba8e09c7f418af7c74070178c94acea4433ce240c0f8f1d961eab65dd52288a9b7dfbb479080486ba847b661cbcfe39bc9b7a209c91599f6b9424d

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\3B8E3C2477\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v2.0.0.0 ################################################################# ### Logger Details ### User Name: Admin IP: 127.0.0.1 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/25/2022 3:17:23 AM MassLogger Started: 5/25/2022 3:17:11 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\81982f45f90c69f5fbdf0bb34273a99c1a9d1d8b1b51a307cb4b3dfa829bae62.exe MassLogger Melt: false MassLogger Exit after delivery: true As Administrator: True Processes:

Targets

- Target
  
  81982f45f90c69f5fbdf0bb34273a99c1a9d1d8b1b51a307cb4b3dfa829bae62
- Size
  
  495KB
- MD5
  
  23060ccfc90d21321420bda396ce8f8e
- SHA1
  
  69239688b9089a3ba073bf88e0fc60c9bbe0efcc
- SHA256
  
  81982f45f90c69f5fbdf0bb34273a99c1a9d1d8b1b51a307cb4b3dfa829bae62
- SHA512
  
  a45c413e5cba8e09c7f418af7c74070178c94acea4433ce240c0f8f1d961eab65dd52288a9b7dfbb479080486ba847b661cbcfe39bc9b7a209c91599f6b9424d
Score

10^/10

masslogger collection ransomware spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2