masslogger | 74481a89a60d1d7d276ee947d68cb4e5cead85fe915ff8a1f1b5bcc56133e79f | Triage

Submit
Reports

Overview

overview

Static

static

________.exe

windows7-x64

________.exe

windows10-2004-x64

Sharing

General

Target

20b5902759ebddf562e1b9b04e1019275af3978526fb249243b9da3d075e2f05.zip
Size

995KB
Sample

220905-rs9ljadbb6
MD5

701548815ee1e14ba9b1a216d8759802
SHA1

283d778e23876a244f28bd4b4876f1d4bc40b8d6
SHA256

74481a89a60d1d7d276ee947d68cb4e5cead85fe915ff8a1f1b5bcc56133e79f
SHA512

970b9ed0b63909d08533b19917ccf351d76d4db3441af224999cf5a4e2348b7d27f1e06e7c7658e537572b470df8b030aecddda930ad84479c69d15e2913428a
SSDEEP

24576:1AtBG6Seg05sDpbjgSx+i3yoBxWJh1BISka6mRm:Wt0i5Iloy1B0B5kZmRm

Score

10^/10

masslogger collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

________.exe

Resource

win7-20220901-en

masslogger collection spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

________.exe

Resource

win10v2004-20220812-en

masslogger spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  ________.EXE
- Size
  
  1.1MB
- MD5
  
  7d0c983da7b462a05e5df149e8a5b167
- SHA1
  
  27e97566577614b3d41c9f402e2b6ff4b2cc1c37
- SHA256
  
  2de7b732ee9b742f2be5a2ba8bf0cc3a6aadb4513948863a927efecd9324f94c
- SHA512
  
  330ca7a3d654c4c76598234cc4cbc156f1a69d124a8e44eec1b92cc98a318814cb488ec7213562a608382933adc56eedb29f0a13e7f24b89eb1346fa6b71b69a
- SSDEEP
  
  24576:AvSBaXsjdVZ52Zf/xzqFYCASYzP/hvIizJ2ISt/R9L/Y3K3+MYmhmvk4e5Sn:Av58xX52ZHMFWP/hvIizoIo/7L/Y39M4
Score

10^/10

masslogger collection spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

massloggercollectionspywarestealer

behavioral2

massloggerspywarestealer

© 2018-2024

Terms | Privacy