masslogger | 7187a6d2980e3696396c4fbce939eeeb3733b6afdf2e859a385f8d6b29e8cebc

Analysis

max time kernel
62s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
16-11-2022 15:44

Target

masslogger.bin.exe
Size

499KB
MD5

3c05e9000f006c7f1549153e7b54e74c
SHA1

b6ca7834020470508a9c205d57621d2a2d025d02
SHA256

7187a6d2980e3696396c4fbce939eeeb3733b6afdf2e859a385f8d6b29e8cebc
SHA512

49aec1bf566ca03b38579afd1ea2aa8bed5e78215c83392428b7f36b01117196005e05852af5f862b02228fb9791ed20b0a3493f8cc43109d8d14d11a058adb1
SSDEEP

6144:MtUXsvIucbyO6+trL99ZgLIRbgvbeXKWfcUTNKMDMAlcn38OxKl9x7qs9Pxcm0AE:MSe1uX3ukCvoBCMDMVqfBdcmDB

Score

10^/10

MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
stealer spyware masslogger

MassLogger Main payload 1 IoCs

resource	yara_rule
behavioral2/memory/4808-132-0x00000000007F0000-0x0000000000874000-memory.dmp	family_masslogger

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4808	masslogger.bin.exe
Token: SeDebugPrivilege	3556	powershell.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 3520	4808	masslogger.bin.exe	83
PID 4808 wrote to memory of 3520	4808	masslogger.bin.exe	83
PID 4808 wrote to memory of 3520	4808	masslogger.bin.exe	83
PID 3520 wrote to memory of 3556	3520	cmd.exe	85
PID 3520 wrote to memory of 3556	3520	cmd.exe	85
PID 3520 wrote to memory of 3556	3520	cmd.exe	85

memory/3556-141-0x0000000005CE0000-0x0000000005D46000-memory.dmp

Filesize
408KB

Download
memory/3556-140-0x00000000054B0000-0x00000000054D2000-memory.dmp

Filesize
136KB

Download
memory/3556-146-0x0000000007330000-0x0000000007352000-memory.dmp

Filesize
136KB

Download
memory/3556-145-0x00000000073D0000-0x0000000007466000-memory.dmp

Filesize
600KB

Download
memory/3556-138-0x0000000002A80000-0x0000000002AB6000-memory.dmp

Filesize
216KB

Download
memory/3556-139-0x00000000056B0000-0x0000000005CD8000-memory.dmp

Filesize
6.2MB

Download
memory/3556-144-0x0000000006820000-0x000000000683A000-memory.dmp

Filesize
104KB

Download
memory/3556-143-0x00000000079B0000-0x000000000802A000-memory.dmp

Filesize
6.5MB

Download
memory/3556-142-0x0000000006380000-0x000000000639E000-memory.dmp

Filesize
120KB

Download
memory/4808-132-0x00000000007F0000-0x0000000000874000-memory.dmp

Filesize
528KB

Download
memory/4808-134-0x0000000005D30000-0x00000000062D4000-memory.dmp

Filesize
5.6MB

Download
memory/4808-133-0x00000000056E0000-0x0000000005772000-memory.dmp

Filesize
584KB

Download
memory/4808-135-0x0000000005780000-0x00000000057E6000-memory.dmp

Filesize
408KB

Download