Overview

overview

10

Static

static

RjJZqTyRrEpvftP.exe

windows7_x64

10

RjJZqTyRrEpvftP.exe

windows10_x64

3

Resubmissions

29-05-2020 14:54

200529-m8ej6tddre 10

19-05-2020 21:38

200519-bxf9fygjfx 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RjJZqTyRrEpvftP.exe

  • Size

    863KB

  • Sample

    200529-m8ej6tddre

  • MD5

    95b6c2e6cfef73be03af6ec5a4c82be8

  • SHA1

    de12d0b9c6141d48b5cf436446071b57cab750be

  • SHA256

    05634115b645d0df04cd66ef32a3d4301fda48edb1750d87f404e1ba73b6be04

  • SHA512

    339cb7d10389e45aa87b0e8e76a95662e4a7487e8585ba58c085956b0fde873ab068a6b4880d96f2641aaa4b8ef786516292f936386201846ed5e986f008604d

Score
10/10
massloggerransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\C8A579F880\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States OS: Microsoft Windows 7 Professional 64bit CPU: Persocon Processor 2.5+ GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/29/2020 4:55:25 PM MassLogger Started: 5/29/2020 4:55:21 PM Interval: 2 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe As Administrator: True

Targets

    • Target

      RjJZqTyRrEpvftP.exe

    • Size

      863KB

    • MD5

      95b6c2e6cfef73be03af6ec5a4c82be8

    • SHA1

      de12d0b9c6141d48b5cf436446071b57cab750be

    • SHA256

      05634115b645d0df04cd66ef32a3d4301fda48edb1750d87f404e1ba73b6be04

    • SHA512

      339cb7d10389e45aa87b0e8e76a95662e4a7487e8585ba58c085956b0fde873ab068a6b4880d96f2641aaa4b8ef786516292f936386201846ed5e986f008604d

    Score
    10/10
    ransomwarestealerspywaremasslogger

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks