masslogger | 3fbdca77227ad15138cf04589592791319d2288361b56109fd627330cc7e98d6 | Triage

Submit
Reports

Overview

overview

Static

static

REVISE ORDER.exe

windows7_x64

6

REVISE ORDER.exe

windows10-2004_x64

Sharing

General

Target

3fbdca77227ad15138cf04589592791319d2288361b56109fd627330cc7e98d6
Size

728KB
Sample

220630-x5q8lsbeg8
MD5

60b53b9c086560d99a155f24dd70b691
SHA1

3ec41b0197c0f5ca5097a4f2ce03866adbf7091d
SHA256

3fbdca77227ad15138cf04589592791319d2288361b56109fd627330cc7e98d6
SHA512

5b8e3809906300fb280952ba77f23de9b8dad639c6700459a8f9ca6b9dfea8e09ebf468484ea6bc33858661ab91f35dbb558ee298c25c100d92efaa1471a66bd

Score

10^/10

masslogger collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

REVISE ORDER.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

REVISE ORDER.exe

Resource

win10v2004-20220414-en

masslogger collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
billions@cairoways.me
Password:
Whyworry90#

Targets

- Target
  
  REVISE ORDER.exe
- Size
  
  804KB
- MD5
  
  cf41831924a9e271522a59b8cfa7e9bc
- SHA1
  
  624d9d1ff349e8fddfb93dfb277c3f93d20cd625
- SHA256
  
  069f0dc72189e7faf5278aabd6ba9f53c386023f9d7d8ab863896e43f6a4e456
- SHA512
  
  562e01c7c9d935cab4b980407dc8955316bfd3acc61db304ab06df6e37dcccf9d77f0fb5c6907f4dfde751a5b4635879d1a34e7bb119fba0e1e32fd2abb6dedd
Score

10^/10

masslogger collection spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

massloggercollectionspywarestealer

© 2018-2024

Terms | Privacy