General

  • Target

    Shipment Docs_Eval-MV-#00019839991900.exe

  • Size

    1.9MB

  • Sample

    200624-9h1ztzxz9x

  • MD5

    7d79b1f7dbf678558734e2e3941edab3

  • SHA1

    0cb670cbaf18ddcc3b53810d133c312ac734e51f

  • SHA256

    43c22ad8da4c7b3702e70d5c97e7ceed85a50dbd7926fccc5eda0bd775fcec51

  • SHA512

    404cd7f0ccd70a01141a837816eefc32b61281346399f01bb3314971cf576e368086da83dc1409d9d92614d5a268e9f4818de1ff3e06494f057ee8057ab852df

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\C8A579F880\Log.txt

Family

masslogger

Ransom Note
#################################################################
MassLogger v1.3.2.0
#################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.13
Location: United States
OS: Microsoft Windows 7 Professional 64bit
CPU: Persocon Processor 2.5+
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 6/24/2020 8:38:04 PM
MassLogger Started: 6/24/2020 8:37:55 PM
Interval: 6 hour
MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
As Administrator: True

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\740CAB5E8A\Log.txt

Family

masslogger

Ransom Note
#################################################################
MassLogger v1.3.2.0
#################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.13
Location: United States
OS: Microsoft Windows 10 Pro64bit
CPU: Persocon Processor 2.5+
GPU: Microsoft Basic Display Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 6/24/2020 8:37:54 PM
MassLogger Started: 6/24/2020 8:37:45 PM
Interval: 6 hour
MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
As Administrator: True

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\740CAB5E8A\Log.txt

Family

masslogger

Ransom Note
#################################################################
MassLogger v1.3.2.0
#################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.13
Location: United States
OS: Microsoft Windows 10 Pro64bit
CPU: Persocon Processor 2.5+
GPU: Microsoft Basic Display Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 6/24/2020 8:38:55 PM
MassLogger Started: 6/24/2020 8:38:51 PM
Interval: 6 hour
MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
As Administrator: True

Targets

    • Target

      Shipment Docs_Eval-MV-#00019839991900.exe

    • Size

      1.9MB

    • MD5

      7d79b1f7dbf678558734e2e3941edab3

    • SHA1

      0cb670cbaf18ddcc3b53810d133c312ac734e51f

    • SHA256

      43c22ad8da4c7b3702e70d5c97e7ceed85a50dbd7926fccc5eda0bd775fcec51

    • SHA512

      404cd7f0ccd70a01141a837816eefc32b61281346399f01bb3314971cf576e368086da83dc1409d9d92614d5a268e9f4818de1ff3e06494f057ee8057ab852df

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Deletes itself

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Credential Access

Credentials in Files (T1081): 1

Collection

Data from Local System (T1005): 1

Tasks