masslogger | e7f0261f170ad022b44a31b65a4c61adffb2cbc85ec64487c3875fd8a6c3cc5e | Triage

Submit
Reports

Overview

overview

Static

static

e7f0261f17...5e.exe

windows7_x64

e7f0261f17...5e.exe

windows10-2004_x64

Sharing

General

Target

e7f0261f170ad022b44a31b65a4c61adffb2cbc85ec64487c3875fd8a6c3cc5e
Size

1.2MB
Sample

220708-mbx4ysdga3
MD5

233632e49ec5401ddb3387f28f5ce9b9
SHA1

79caebdd1cc3e76e61e7ed400146f81fbab2d885
SHA256

e7f0261f170ad022b44a31b65a4c61adffb2cbc85ec64487c3875fd8a6c3cc5e
SHA512

a0354c14300f09429b6821c1a01b5a4b716919b4b43a465cfea418327346393369513d9c1aa7a9914c22cdea6e4806fb5055d1fa9224069dec4d5e437ad82317

Score

10^/10

masslogger collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

e7f0261f170ad022b44a31b65a4c61adffb2cbc85ec64487c3875fd8a6c3cc5e.exe

Resource

win7-20220414-en

masslogger collection spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e7f0261f170ad022b44a31b65a4c61adffb2cbc85ec64487c3875fd8a6c3cc5e.exe

Resource

win10v2004-20220414-en

masslogger spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  e7f0261f170ad022b44a31b65a4c61adffb2cbc85ec64487c3875fd8a6c3cc5e
- Size
  
  1.2MB
- MD5
  
  233632e49ec5401ddb3387f28f5ce9b9
- SHA1
  
  79caebdd1cc3e76e61e7ed400146f81fbab2d885
- SHA256
  
  e7f0261f170ad022b44a31b65a4c61adffb2cbc85ec64487c3875fd8a6c3cc5e
- SHA512
  
  a0354c14300f09429b6821c1a01b5a4b716919b4b43a465cfea418327346393369513d9c1aa7a9914c22cdea6e4806fb5055d1fa9224069dec4d5e437ad82317
Score

10^/10

masslogger collection spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

massloggercollectionspywarestealer

behavioral2

massloggerspywarestealer

© 2018-2024

Terms | Privacy