masslogger | 30e4bf20932ff913f614d755aa681f3db76cbaf5c6ec08bd668459fab2bf9277 | Triage

Submit
Reports

Overview

overview

Static

static

EO09844Y4Y4.exe

windows7_x64

EO09844Y4Y4.exe

windows10-2004_x64

Sharing

General

Target

EO09844Y4Y4.exe
Size

1.2MB
Sample

220613-nlz7qsfhfl
MD5

10d01d4cd2c896a5573c90465dd6548f
SHA1

365c81314ba3c23717734efaa78ec5844d37a9b2
SHA256

30e4bf20932ff913f614d755aa681f3db76cbaf5c6ec08bd668459fab2bf9277
SHA512

9b4b7dbfd8203353cf24f8ef73f1c0078b8a663a2282dc848b4fa1aeb3e3da7ee5f92b10617146627c729501e59237075cc5f8b791c43c556dac9939aa1c7cd3

Score

10^/10

masslogger collection evasion spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

EO09844Y4Y4.exe

Resource

win7-20220414-en

masslogger collection evasion spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

EO09844Y4Y4.exe

Resource

win10v2004-20220414-en

masslogger collection evasion spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  EO09844Y4Y4.exe
- Size
  
  1.2MB
- MD5
  
  10d01d4cd2c896a5573c90465dd6548f
- SHA1
  
  365c81314ba3c23717734efaa78ec5844d37a9b2
- SHA256
  
  30e4bf20932ff913f614d755aa681f3db76cbaf5c6ec08bd668459fab2bf9277
- SHA512
  
  9b4b7dbfd8203353cf24f8ef73f1c0078b8a663a2282dc848b4fa1aeb3e3da7ee5f92b10617146627c729501e59237075cc5f8b791c43c556dac9939aa1c7cd3
Score

10^/10

masslogger collection evasion spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main Payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggercollectionevasionspywarestealer

behavioral2

massloggercollectionevasionspywarestealer

© 2018-2025

Terms | Privacy