masslogger | 1ac859ea21fffe90b76a3c1f0f6b42614693e39363c52782d9fba39eed2b95fa | Triage

Sharing

General

Target

1ac859ea21fffe90b76a3c1f0f6b42614693e39363c52782d9fba39eed2b95fa.zip
Size

357KB
Sample

250325-l75m8sxrv2
MD5

3b9b03997646e56ba237ac22fb3c2810
SHA1

451b1163d6618931345eb1dc3452d704b835e322
SHA256

1ac859ea21fffe90b76a3c1f0f6b42614693e39363c52782d9fba39eed2b95fa
SHA512

a98a67ca289dafa693c698d2a60b3d253499581f50b65830165b8b65c624e7b6f444e4835ea4856f32005642561ed299080adc2269b5fc12f7ffd0f9257c15b7
SSDEEP

6144:aF0Fz5jsLIpdmf6lZdzn2JKPHpjRkxT6r5pETFRTiqzRrkaZoTxBS4sgPxQEBBdW:SmRsEb1lZd6JSpj4T7rdYx045tkVmQCW

Score

10^/10

masslogger collection defense_evasion discovery spyware stealer

Malware Config

Targets

- Target
  
  2487b12f52b803f5d38b3bb9388b039bf4f58c4b5d192d50da5fa047e9db828b.exe
- Size
  
  514KB
- MD5
  
  9c73b0f2a593fb39f3c0c80bc2851fbb
- SHA1
  
  f2678fbd372b1d29870efb306da0169d3a6613c2
- SHA256
  
  2487b12f52b803f5d38b3bb9388b039bf4f58c4b5d192d50da5fa047e9db828b
- SHA512
  
  64c3b1e9e3ea08da7bbe073f98b5d78d7a705decce1773dc9468891730e7db5fc999400ae665671a83451ef3d2489a37d0903303313a7847d4d69c85a70e266a
- SSDEEP
  
  12288:r9djfuZmvMyx1rF+LYkvaQIbuSWkTLRITl3D:rXWXmRF+LFvGuMSD
Score

10^/10

masslogger collection defense_evasion discovery spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main payload
- Masslogger family
  masslogger
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggercollectiondefense_evasiondiscoveryspywarestealer

behavioral2

massloggercollectiondefense_evasiondiscoveryspywarestealer