masslogger | f41bedae4a2cc28de89206c24da2cefd255d66816f3ecba23a8377a76f59e15d | Triage

Submit
Reports

Overview

overview

Static

static

3

Halkbank.exe

windows7-x64

Halkbank.exe

windows10-2004-x64

Sharing

General

Target

3f87938412145c603c800e4bc39bd2f7_JaffaCakes118
Size

1.4MB
Sample

240513-pwxd9seg8y
MD5

3f87938412145c603c800e4bc39bd2f7
SHA1

c1b44a4e3d5d51165ec4307a53fd3871ca84d027
SHA256

f41bedae4a2cc28de89206c24da2cefd255d66816f3ecba23a8377a76f59e15d
SHA512

87bd22ca89894ed9c8bbf11ec15ed99f6064b30d674dba9aea6645b64ac6e93f1ed9e1fb941f3cf39e2899942e1007574a512fc4f9bd705702bf971bb948dfe9
SSDEEP

24576:ZEaF7JHxzNhgGtiF7CT4GXaFvJxpp9hwiLyF7ChRL6:ZEe7JHxNBY2TlevJxr9HI2hRL6

Score

10^/10

masslogger zgrat collection rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Halkbank.exe

Resource

win7-20240221-en

masslogger zgrat collection rat spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

Halkbank.exe

Resource

win10v2004-20240226-en

masslogger zgrat collection rat spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  Halkbank.exe
- Size
  
  1.5MB
- MD5
  
  17b4f6c8e030bcc1516f978f1f159ff8
- SHA1
  
  e4c5faff829cb346c6bb0b15716a6a260b89101f
- SHA256
  
  9ce382b1991be3ae8fa744c4abf5d450ee9d376da295dfee8ca565551e75a9b0
- SHA512
  
  adb100e1f52bc096cc23c5a5a82a2d5f581b6477e84f8641ced130249264dd3cb708e3b1e1e43ae7f50e6853bb2dd1cdff6421012896361eda8688d750116be4
- SSDEEP
  
  24576:xZyLaHxaFxJ3pJxhqyxmF7CZxZyLaHxaFxJ3pJxhqyxmF7CZOUa:xrHxexJ3rxhE2ZxrHxexJ3rxhE2ZO
Score

10^/10

masslogger zgrat collection rat spyware stealer
- Detect ZGRat V1
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

massloggerzgratcollectionratspywarestealer

behavioral2

massloggerzgratcollectionratspywarestealer

© 2018-2024

Terms | Privacy