masslogger | 2fe76f953de7338f202e10237e3a43639663429dde38d3a69c1c577ccdc61d2a | Triage

Submit
Reports

Overview

overview

Static

static

3

New Order.exe

windows7-x64

New Order.exe

windows10-2004-x64

Sharing

General

Target

1199d6b3ce577b7a69ad507cf36a7d8b_JaffaCakes118
Size

812KB
Sample

240504-ht87qaeg61
MD5

1199d6b3ce577b7a69ad507cf36a7d8b
SHA1

9fcee8476a3068660ef769e343addbf6aeef0ea4
SHA256

2fe76f953de7338f202e10237e3a43639663429dde38d3a69c1c577ccdc61d2a
SHA512

f4a5c82766ca0b5a482abcd8f254e2dfe6391dedacb04f8316d6c3c97e7e2e1bcfceff6c325d2956c3c40522aca63b5b2eb732faed41bf5658740bf3bb44ccf2
SSDEEP

12288:hXLalRJN4sKRuqo8+mZTuDeoAlxbKrGxb+j3vJEu1qGiXxAsVPKcabqWjwfY7:62sKonmtu2xbKSQhbjaB1akA7

Score

10^/10

masslogger zgrat collection evasion rat rezer0 spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

New Order.exe

Resource

win7-20240221-en

masslogger zgrat collection evasion rat rezer0 spyware stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

New Order.exe

Resource

win10v2004-20240419-en

masslogger zgrat collection evasion rat rezer0 spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  New Order.exe
- Size
  
  852KB
- MD5
  
  61763eb6479d4859723720ef50e910b7
- SHA1
  
  17b75ac6c43a1f3953ee3f0eaab4c3f7b47fddb5
- SHA256
  
  5c3dc2f467e51b4a48a9bf1f068fe562b5d9687780da0fdb35c8f5836df0a550
- SHA512
  
  d397197e7dd81bc7b341c018b1edc723dcb18eab899b536e4a3e8621ee8e01e593b23c2cdbd533ea61f5c5e1ab68688da756423fd7713f4665906341dc68a0eb
- SSDEEP
  
  12288:AC7EMuLtRjRJN4+KzCqamEmZTu1saAlnbGZixL+1zvpYAzqwiZRislPKiabMKjQS:ACHu32+KgPmtuenbGeoNPH4D7ak2b
Score

10^/10

masslogger zgrat collection evasion rat rezer0 spyware stealer
- Detect ZGRat V1
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main payload
- Modifies visibility of file extensions in Explorer
  evasion
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggerzgratcollectionevasionratrezer0spywarestealer

behavioral2

massloggerzgratcollectionevasionratrezer0spywarestealer

© 2018-2024

Terms | Privacy