General

  • Target

    #gfe00620.exe

  • Size

    1.1MB

  • Sample

    200629-7zpz9ndl7a

  • MD5

    504fd653e392b36a4f829f583d8e5f29

  • SHA1

    a5b27394da0c8afffbc4dfa4a734db62917b9fae

  • SHA256

    abe23e12f4aa1f3e0b9ea3777ffaaf4fdcf9ccb21e7331b32d20bfa3a511f6c7

  • SHA512

    e4c030d4a8e1693cb04158e4df28c51f916b4814bb4494c418248b861230a5ac6c55a41fbef46f3e7a0749b3d863850a37b2a8b5349a83a92b15fe394cf212ab

Malware Config

Extracted

  • Path

    C:\Users\Admin\AppData\Local\Temp\C8A579F880\Log.txt

  • Family

    masslogger

  • Log file contents (the sandbox reports this field as "Ransom Note"; MassLogger is a stealer, and the text is the header it writes to Log.txt, not a ransom demand)

    ################################################################# MassLogger v1.3.7.1 #################################################################
    ### Logger Details ###
    User Name: Admin
    IP: 154.61.71.13
    Location: United States
    Windows OS: Microsoft Windows 7 Professional 64bit
    Windows Serial Key: HYF8J-CVRMY-CM74G-RPHKF-PW487
    CPU: Persocon Processor 2.5+
    GPU: Standard VGA Graphics Adapter
    AV: NA
    Screen Resolution: 1280x720
    Current Time: 6/29/2020 2:46:33 PM
    MassLogger Started: 6/29/2020 2:46:27 PM
    Interval: 2 hour
    MassLogger Process: C:\Users\Admin\AppData\Local\Temp\#gfe00620.exe
    MassLogger Melt: false
    MassLogger Exit after delivery: false
    As Administrator: True
    Processes:

Targets

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Rewriting another thread's register context with SetThreadContext is a common step in process injection and process hollowing, where execution is redirected to attacker-controlled code.
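The "MassLogger log file" signature above is a string match on the header MassLogger writes to Log.txt. The following added example (written for this page, not code from the sandbox or from MassLogger) turns that match into a parser that pulls pivotable indicators out of the header: version, victim IP, the dropped executable's path, and the melt/exit/admin flags. The sample input is the header shown in this report, one field per line. The regexes, the field names, and the assumption that everything from the "Processes:" line onward is the process list rather than header are derived from this single sample only.

```python
"""Detect a MassLogger log header and extract indicators from it.

Added example: regexes and field handling are assumptions derived from the single
header shown in this report, not from MassLogger's source.
"""
import ipaddress
import re

# Header copied from the sandbox report above (one field per line, as MassLogger
# writes it); it doubles as the sample input for the functions below.
MASSLOGGER_LOG = r"""################################################################# MassLogger v1.3.7.1 #################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.13
Location: United States
Windows OS: Microsoft Windows 7 Professional 64bit
Windows Serial Key: HYF8J-CVRMY-CM74G-RPHKF-PW487
CPU: Persocon Processor 2.5+
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 6/29/2020 2:46:33 PM
MassLogger Started: 6/29/2020 2:46:27 PM
Interval: 2 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\#gfe00620.exe
MassLogger Melt: false
MassLogger Exit after delivery: false
As Administrator: True
Processes:
"""

# Banner line: a run of '#', the product name with a dotted version, another run of '#'.
BANNER_RE = re.compile(
    r"^#{5,}\s*MassLogger v(?P<version>\d+(?:\.\d+)+)\s*#{5,}\s*$", re.MULTILINE
)
# "Key: value" lines. Only spaces/tabs are allowed after the colon so that an
# empty value never swallows the following line.
FIELD_RE = re.compile(
    r"^(?P<key>[A-Za-z][A-Za-z ]*?):[ \t]*(?P<value>.*?)[ \t]*$", re.MULTILINE
)


def is_masslogger_log(text: str) -> bool:
    """Signature-style check in the spirit of the sandbox's 'MassLogger log file'
    rule: the versioned banner and the 'MassLogger Started' field must both be present."""
    return BANNER_RE.search(text) is not None and "MassLogger Started:" in text


def parse_masslogger_log(text: str) -> dict:
    """Return the header fields as a dict, plus 'Version' taken from the banner.
    Everything from the 'Processes:' line onward is the process list, not header."""
    banner = BANNER_RE.search(text)
    if banner is None:
        raise ValueError("not a MassLogger log: banner missing")
    header = text.split("\nProcesses:", 1)[0]
    fields = {m["key"]: m["value"] for m in FIELD_RE.finditer(header)}
    fields["Version"] = banner["version"]
    return fields


def _flag(value: str) -> bool:
    # The sample mixes 'false' and 'True'; compare case-insensitively.
    return value.strip().lower() == "true"


def extract_iocs(fields: dict) -> dict:
    """Pull the fields an analyst would pivot on out of the parsed header."""
    try:
        victim_ip = str(ipaddress.ip_address(fields.get("IP", "")))
    except ValueError:
        victim_ip = None  # field missing or not an IP literal; do not guess
    process = fields.get("MassLogger Process", "")
    return {
        "version": fields.get("Version"),
        "victim_ip": victim_ip,
        "process_path": process,
        "filename": process.rsplit("\\", 1)[-1] if process else None,
        "started": fields.get("MassLogger Started"),
        "interval": fields.get("Interval"),
        "melt": _flag(fields.get("MassLogger Melt", "")),
        "exit_after_delivery": _flag(fields.get("MassLogger Exit after delivery", "")),
        "as_administrator": _flag(fields.get("As Administrator", "")),
    }


def scan(text: str):
    """Detect-then-parse: None for non-MassLogger input, otherwise the IOC dict."""
    if not is_masslogger_log(text):
        return None
    return extract_iocs(parse_masslogger_log(text))


if __name__ == "__main__":
    for key, value in (scan(MASSLOGGER_LOG) or {}).items():
        print(f"{key:>20}: {value}")
```

Run it against any Log.txt recovered from %TEMP% (read the file and pass its contents to `scan`). A `None` result means the banner or the "MassLogger Started" field is absent, so the file should be triaged by hand rather than treated as a parser failure; the IP is validated with `ipaddress` so a malformed field surfaces as `None` instead of a bad indicator.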

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task, T1053 (1)
  • Persistence: Scheduled Task, T1053 (1)
  • Privilege Escalation: Scheduled Task, T1053 (1)
  • Credential Access: Credentials in Files, T1081 (1)
  • Collection: Data from Local System, T1005 (1)

T1053 appears under three tactics because, in ATT&CK v6, the same scheduled-task behaviour is listed for execution, persistence and privilege escalation. T1081 is the v6 identifier; later ATT&CK versions fold it into T1552.001 (Unsecured Credentials: Credentials In Files), so map accordingly when correlating with newer reports.
