masslogger | 29ea2e83d8bb49b7b646895e04c08bf60760a79cec2d761ccbee7704216323cf

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
17-08-2023 18:24

Target

DHLINV1708023 - 1301512300.exe
Size

998KB
MD5

d36de44bf023570b2f83fde6e95842dd
SHA1

b9200cb7cbf75f8f399ec7752a7dfaef5f3acf12
SHA256

29ea2e83d8bb49b7b646895e04c08bf60760a79cec2d761ccbee7704216323cf
SHA512

2b8847f1dfcdc4fdddd0a6830e61f56776f1f1335418b5c73fa49a760ed32003a77a0829ea712e81aac81457425079183cc6fc6912a35dbfc61d78c946530ffd
SSDEEP

12288:g2iNsXDl+CPLnid2sxF+pAz127hoc5etv4GuHkkz0FxycEgh2uWM+kz:g1g7LQqdRQAHkkzkTh2uB+kz

Score

10^/10

MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
stealer spyware masslogger

MassLogger Main payload 1 IoCs

resource	yara_rule
behavioral1/memory/3008-62-0x0000000004F50000-0x0000000004FD4000-memory.dmp	family_masslogger

Deletes itself 1 IoCs

pid	Process
2928	powershell.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3008	DHLINV1708023 - 1301512300.exe
Token: SeDebugPrivilege	2928	powershell.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2936	3008	DHLINV1708023 - 1301512300.exe	31
PID 3008 wrote to memory of 2936	3008	DHLINV1708023 - 1301512300.exe	31
PID 3008 wrote to memory of 2936	3008	DHLINV1708023 - 1301512300.exe	31
PID 3008 wrote to memory of 2936	3008	DHLINV1708023 - 1301512300.exe	31
PID 2936 wrote to memory of 2928	2936	cmd.exe	33
PID 2936 wrote to memory of 2928	2936	cmd.exe	33
PID 2936 wrote to memory of 2928	2936	cmd.exe	33
PID 2936 wrote to memory of 2928	2936	cmd.exe	33

memory/2928-66-0x0000000074310000-0x00000000748BB000-memory.dmp

Filesize
5.7MB

Download
memory/2928-70-0x0000000074310000-0x00000000748BB000-memory.dmp

Filesize
5.7MB

Download
memory/2928-69-0x0000000002690000-0x00000000026D0000-memory.dmp

Filesize
256KB

Download
memory/2928-68-0x0000000002690000-0x00000000026D0000-memory.dmp

Filesize
256KB

Download
memory/2928-67-0x0000000074310000-0x00000000748BB000-memory.dmp

Filesize
5.7MB

Download
memory/3008-60-0x0000000000580000-0x000000000058E000-memory.dmp

Filesize
56KB

Download
memory/3008-55-0x0000000074280000-0x000000007496E000-memory.dmp

Filesize
6.9MB

Download
memory/3008-61-0x00000000058A0000-0x000000000595C000-memory.dmp

Filesize
752KB

Download
memory/3008-62-0x0000000004F50000-0x0000000004FD4000-memory.dmp

Filesize
528KB

Download
memory/3008-63-0x0000000074280000-0x000000007496E000-memory.dmp

Filesize
6.9MB

Download
memory/3008-59-0x00000000022C0000-0x0000000002300000-memory.dmp

Filesize
256KB

Download
memory/3008-58-0x0000000074280000-0x000000007496E000-memory.dmp

Filesize
6.9MB

Download
memory/3008-57-0x0000000000320000-0x0000000000332000-memory.dmp

Filesize
72KB

Download
memory/3008-56-0x00000000022C0000-0x0000000002300000-memory.dmp

Filesize
256KB

Download
memory/3008-54-0x0000000000BC0000-0x0000000000CC0000-memory.dmp

Filesize
1024KB

Download