masslogger | 06b5a28f7b3cea3dbb9448342adde2d08c92306d138dcbdae732a80be2da8377 | Triage

Submit
Reports

Overview

overview

Static

static

068d065f6c...06.exe

windows7-x64

068d065f6c...06.exe

windows10-2004-x64

Sharing

General

Target

8445636171.zip
Size

918KB
Sample

221121-snj1raae8y
MD5

f5fee7b9fb4001e27b37a6cd71e0c2d9
SHA1

106c3082ce4fc25e35db90d6bb713a197edfdfa3
SHA256

06b5a28f7b3cea3dbb9448342adde2d08c92306d138dcbdae732a80be2da8377
SHA512

0c4060ba8a4c7dbaa52d8c3dbd126e429afbec71194257cdbb8b2b31dbb68933d1e79ffe6d367c78bd407020df32c6ee9973c87a2415f0779549f5643d02dd49
SSDEEP

24576:+ByA68OkLm+/h1o3Pj2cNm0KbdjShlBrI94lcZvP9MGxgMN92Cw:+ByAyGJ/UqT0Kb1Shl9IKclaGxd727

Score

10^/10

masslogger collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

068d065f6cf6f4ece07c2ac083aeac75ef9c2740d4c3204e29535e24222d4c06.exe

Resource

win7-20220812-en

masslogger collection spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

068d065f6cf6f4ece07c2ac083aeac75ef9c2740d4c3204e29535e24222d4c06.exe

Resource

win10v2004-20220901-en

masslogger spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  068d065f6cf6f4ece07c2ac083aeac75ef9c2740d4c3204e29535e24222d4c06
- Size
  
  1.1MB
- MD5
  
  01dfe50d975f4480c60858fd4f8602f0
- SHA1
  
  6e9ef13931e96680201624b7d55b71c1aa2b87f5
- SHA256
  
  068d065f6cf6f4ece07c2ac083aeac75ef9c2740d4c3204e29535e24222d4c06
- SHA512
  
  6e2a6620e9ef970350ad1d815bf980575ec3a31d0f984f9a8e15650cc816048e40a914f5f452a12152855cc144309a1c4b19ef800f855c010aca94b0da78c9b2
- SSDEEP
  
  24576:TVnc4FOBpGtVozfzAXKsponDp8w0bk9kDaTl7L:JnRFCGtVoDaKLF8Lkqcl7L
Score

10^/10

masslogger collection spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

massloggercollectionspywarestealer

behavioral2

massloggerspywarestealer

© 2018-2024

Terms | Privacy