masslogger

General

Target

550615c0ae5984a323c65110142b7730c87cd0b4bdc6ff13052983ba8a6ec7ff
Size

905KB
Sample

220525-bmkgfshgck
MD5

060cbc77c20d140b7ad9f90fd58d45c3
SHA1

f39d0f1ecb50884c69e81b2fd8f66c4b1d5c5cf4
SHA256

550615c0ae5984a323c65110142b7730c87cd0b4bdc6ff13052983ba8a6ec7ff
SHA512

525b3beb849c77b132eb77ea1424605b48d5406a5f93a7f10a13b7837e8c7f363ecca7a7b71169114386679a4dc98077a372461dbf43e062c56e116b4f350fe1

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.4.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States OS: Microsoft Windows 7 Ultimate 64bit CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/25/2022 3:19:07 AM MassLogger Started: 5/25/2022 3:18:49 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\550615c0ae5984a323c65110142b7730c87cd0b4bdc6ff13052983ba8a6ec7ff.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Targets

- Target
  
  550615c0ae5984a323c65110142b7730c87cd0b4bdc6ff13052983ba8a6ec7ff
- Size
  
  905KB
- MD5
  
  060cbc77c20d140b7ad9f90fd58d45c3
- SHA1
  
  f39d0f1ecb50884c69e81b2fd8f66c4b1d5c5cf4
- SHA256
  
  550615c0ae5984a323c65110142b7730c87cd0b4bdc6ff13052983ba8a6ec7ff
- SHA512
  
  525b3beb849c77b132eb77ea1424605b48d5406a5f93a7f10a13b7837e8c7f363ecca7a7b71169114386679a4dc98077a372461dbf43e062c56e116b4f350fe1
Score

10^/10

masslogger coreentity ransomware rezer0 spyware stealer
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CoreEntity .NET Packer

MassLogger log file

ReZer0 packer

Checks computer location settings

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2