General

  • Target

    ade8bfcf1415da45b6137e1e3f610caf22d333cc70d4eb52d7e22131d212461b

  • Size

    850KB

  • Sample

    221204-3zyy6age73

  • MD5

    8f6da2f27a155a09b6cc5fb0f9dd9662

  • SHA1

    9325c0041a932bcc1b557a13c4fd44363d37bd08

  • SHA256

    ade8bfcf1415da45b6137e1e3f610caf22d333cc70d4eb52d7e22131d212461b

  • SHA512

    cb5201ab7599a14afabdc6759da5806ea783ae4accad6ad27887cf70d83d101f6c2793380d7a98a2716dbc3922a5903fd680ebb0ef23f4c411aeb4150cbf49e3

  • SSDEEP

    24576:cKJm08t1l/tzhTYLmTVaEN3x1ZHQeUYUE:cKk3l/bYLmR9xHweUYB

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\19D9201D49\Log.txt

Family

masslogger

Log File (the sandbox reports this under its "Ransom Note" field; it is the MassLogger log written to the path above, not a ransom note)

################################################################# MassLogger v1.3.7.1 #################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.13
Location: United States
Windows OS: Microsoft Windows 7 Ultimate 64bit
Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV
CPU: Intel Core Processor (Broadwell)
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 12/8/2022 11:28:48 PM
MassLogger Started: 12/8/2022 11:28:41 PM
Interval: 2 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\DEBIT NOTE - SAOFEM20050027pdf.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:

Targets

    • Target

      DEBIT NOTE - SAOFEM20050027pdf.exe

    • Size

      962KB

    • MD5

      ad18e53571ae5be2cc2bd0fafd484da2

    • SHA1

      bf175030caf9f23129a63262d9aa345dab620a12

    • SHA256

      92a7c4b4694b3849c97651e3c5713eedbf3e9a5f157724d6ca9047b05ed0e3d9

    • SHA512

      c1b66d8088c5000d72b3a138493321d1224e14133c3e3f425823b27716fec86012dde25c3037c373c87d5c321c04b57ee4acf6dc588134664bbfb54c5eac9aaa

    • SSDEEP

      24576:TQe6H3aJa0ir1T/tphJqlibPiEj3z1dHK1Wi:E7H3aaxT/Tqlib7z3q1l

    • MassLogger

      MassLogger is a .NET information stealer that harvests saved passwords from web browsers, email clients and cryptocurrency wallets.

    • MassLogger Main payload

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Checks computer location settings

      Looks up the country code configured in the registry; this is most likely a geofence check used to avoid running in certain regions.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Typically seen when a loader injects into a newly created, suspended process (process hollowing): the thread's context is rewritten so execution resumes at the injected payload rather than the original image.
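The "MassLogger log file" indicator above fires on the log recovered from Log.txt. As an added example (not part of this report or of any sandbox tooling), the following Python parser implements that detection on the log format shown in the Extracted section: it matches the MassLogger banner, pulls the key/value fields from the "Logger Details" header, and derives the facts an analyst wants first (elevation, whether the binary melted, the on-disk payload path). The embedded sample is the report's own log header, re-wrapped one field per line with the banner padding shortened; the serial key and hardware lines are omitted.

```python
import re

# Constructed sample: the Logger Details header from this report's Log.txt,
# re-wrapped one field per line (the sandbox showed it run together).
# The sample only lists MassLogger process path; the body after "Processes:"
# is free-form and not parsed here.
SAMPLE_LOG = """\
######## MassLogger v1.3.7.1 ########
### Logger Details ###
User Name: Admin
IP: 154.61.71.13
Location: United States
Windows OS: Microsoft Windows 7 Ultimate 64bit
CPU: Intel Core Processor (Broadwell)
AV: NA
Current Time: 12/8/2022 11:28:48 PM
MassLogger Started: 12/8/2022 11:28:41 PM
Interval: 2 hour
MassLogger Process: C:\\Users\\Admin\\AppData\\Local\\Temp\\DEBIT NOTE - SAOFEM20050027pdf.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
"""

# Banner: a run of '#' characters, the product name and version, more '#'.
BANNER_RE = re.compile(r"^#+\s*MassLogger v(?P<version>[\d.]+)\s*#+$")
# Header fields are "Key: value"; keys are words and spaces only, so a
# Windows path in the value (which contains ':') does not split the key.
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z ]+?):\s*(?P<value>.*)$")


def is_masslogger_log(text: str) -> bool:
    """Detection: the first non-empty line must carry the MassLogger banner."""
    for line in text.splitlines():
        if line.strip():
            return BANNER_RE.match(line.strip()) is not None
    return False


def parse_logger_details(text: str) -> dict:
    """Return the banner version plus every 'Key: value' field in the header.

    Parsing stops at 'Processes:', where the free-form body begins.
    """
    details = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = BANNER_RE.match(line)
        if banner:
            details["version"] = banner.group("version")
            continue
        if line.startswith("###"):      # section header such as "### Logger Details ###"
            continue
        if line == "Processes:":
            break
        field = FIELD_RE.match(line)
        if field:
            details[field.group("key")] = field.group("value")
    return details


def triage(details: dict) -> dict:
    """Summarise the fields an analyst acts on first.

    melted=False means the stealer left its executable in place, so the path
    in 'MassLogger Process' should still exist on the host for collection.
    """
    return {
        "version": details.get("version"),
        "elevated": details.get("As Administrator", "").lower() == "true",
        "melted": details.get("MassLogger Melt", "").lower() == "true",
        "exfil_interval": details.get("Interval"),
        "payload_path": details.get("MassLogger Process"),
        "victim_ip": details.get("IP"),
    }


if __name__ == "__main__":
    if is_masslogger_log(SAMPLE_LOG):
        for key, value in triage(parse_logger_details(SAMPLE_LOG)).items():
            print(f"{key}: {value}")
```

Run it over the raw Log.txt pulled from the host (or from the sandbox's dropped-files list) to recover the same fields without hand-reading the run-together text; the banner check alone is enough to tag a file as a MassLogger log, which is what the indicator on this page does.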

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                | Technique                     | Count | ID
Execution             | Scheduled Task                | 1     | T1053
Persistence           | Scheduled Task                | 1     | T1053
Privilege Escalation  | Scheduled Task                | 1     | T1053
Credential Access     | Credentials in Files          | 1     | T1081
Discovery             | Query Registry                | 1     | T1012
Discovery             | System Information Discovery  | 2     | T1082
Collection            | Data from Local System        | 1     | T1005
Collection            | Email Collection              | 1     | T1114

The IDs are ATT&CK v6 IDs; in current ATT&CK versions T1081 has been folded into T1552.001 (Unsecured Credentials: Credentials In Files) and the Scheduled Task technique is T1053.005.

Tasks