masslogger | b3f41a4d798bbbba9942c8e60d83bb7fc602f670aadc7ce22eba0405a9f99033 | Triage

Submit
Reports

Overview

overview

Static

static

PO65010581...33.exe

windows7-x64

PO65010581...33.exe

windows10-2004-x64

Sharing

General

Target

PO6501058115, PO65010581, PO6501058133.7z
Size

902KB
Sample

221116-c653yacg61
MD5

68a6239c1c3662bcf8f561d514d47c8c
SHA1

955b268d8ed9501e3b1560249d2faeedfc92cd39
SHA256

b3f41a4d798bbbba9942c8e60d83bb7fc602f670aadc7ce22eba0405a9f99033
SHA512

224506871aa3d7614e4e99927b83efaa8743cb688904e21e160959da735db2db04ab46d2cfc245112800b458d0cfe586f9ca7e53b2f43ca8938244842c242d42
SSDEEP

24576:oJAs8BpGtYPzfZAXHZYJpLpww0yk5kDBTT2O:o3WGtYPD4H6bwikeZT2O

Score

10^/10

masslogger collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

PO6501058115, PO65010581, PO6501058133.exe

Resource

win7-20220812-en

masslogger collection spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO6501058115, PO65010581, PO6501058133.exe

Resource

win10v2004-20221111-en

masslogger spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  PO6501058115, PO65010581, PO6501058133.exe
- Size
  
  1.1MB
- MD5
  
  01dfe50d975f4480c60858fd4f8602f0
- SHA1
  
  6e9ef13931e96680201624b7d55b71c1aa2b87f5
- SHA256
  
  068d065f6cf6f4ece07c2ac083aeac75ef9c2740d4c3204e29535e24222d4c06
- SHA512
  
  6e2a6620e9ef970350ad1d815bf980575ec3a31d0f984f9a8e15650cc816048e40a914f5f452a12152855cc144309a1c4b19ef800f855c010aca94b0da78c9b2
- SSDEEP
  
  24576:TVnc4FOBpGtVozfzAXKsponDp8w0bk9kDaTl7L:JnRFCGtVoDaKLF8Lkqcl7L
Score

10^/10

masslogger collection spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

massloggercollectionspywarestealer

behavioral2

massloggerspywarestealer

© 2018-2024

Terms | Privacy