General

  • Target

    Quote.exe

  • Size

    819KB

  • Sample

    200630-57y3knbcla

  • MD5

    6439abd7b4c1b488020e75ab69953823

  • SHA1

    48a5f222470d4525c80b8ffbd426deea63674284

  • SHA256

    e64a8bcf44c1671d77ee091bf44aa2021c71fb8349562dcbb4c7d6d1686d1611

  • SHA512

    c726b916947d966f4e1db2c3e41c73089dbbe3330155487b36ab176ce22fc1fd123a16e891cf876b0da93bec49fa52e683f3dcb73bc8a3ff94e52f4b0c59fe31

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\E2C1E8F1FA\Log.txt

Family

masslogger

Log header (the extractor labels this field "Ransom Note"; MassLogger is a stealer, not ransomware, and this is the banner it writes to Log.txt, reflowed here from a single line)

#################################################################
MassLogger v1.3.3.0
#################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.51
Location: United States
OS: Microsoft Windows 7 Professional 64bit
CPU: Persocon Processor 2.5+
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 6/30/2020 12:25:14 PM
MassLogger Started: 6/30/2020 12:25:07 PM
Interval: 2 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Quote.exe
As Administrator: True

Targets

    • Target

      Quote.exe

    • MassLogger

      MassLogger is a .NET credential stealer that collects saved passwords from browsers, email clients and cryptocurrency wallets.

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Reads user/profile data of web browsers

      Infostealers routinely read browser profile files and databases, which hold saved credentials, cookies and autofill data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext is a debugger API; outside a debugger it is a common sign of process hollowing (RunPE), where a loader starts a suspended process, writes a payload into it and redirects its main thread to the injected code.
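
As an added example (not part of the sandbox report and not MassLogger's own code), the following Python parser and detector handles the log format shown in the extracted Log.txt above and corresponds to the "MassLogger log file" signature. The sample input is the report's own log header with its line breaks restored; the function names, the snake_case field keys and the detection rule (version banner plus the "Logger Details" section header) are this example's assumptions, not the sandbox's actual signature logic.

```python
import re
from typing import Optional

# Constructed sample input for this example: the log header shown in the
# report above, with its line breaks restored (the report runs it onto one line).
SAMPLE_LOG = r"""#################################################################
MassLogger v1.3.3.0
#################################################################
### Logger Details ###
User Name: Admin
IP: 154.61.71.51
Location: United States
OS: Microsoft Windows 7 Professional 64bit
CPU: Persocon Processor 2.5+
GPU: Standard VGA Graphics Adapter
AV: NA
Screen Resolution: 1280x720
Current Time: 6/30/2020 12:25:14 PM
MassLogger Started: 6/30/2020 12:25:07 PM
Interval: 2 hour
MassLogger Process: C:\Users\Admin\AppData\Local\Temp\Quote.exe
As Administrator: True
"""

# Banner line at the top of the log: "MassLogger v<x.y.z.w>".
BANNER_RE = re.compile(r"^MassLogger v(\d+(?:\.\d+){1,3})\s*$", re.MULTILINE)
DETAILS_HEADER = "### Logger Details ###"


def is_masslogger_log(text: str) -> bool:
    """Detection rule (assumption of this example): the version banner and the
    'Logger Details' section header must both be present; either alone is weak."""
    return BANNER_RE.search(text) is not None and DETAILS_HEADER in text


def parse_masslogger_log(text: str) -> Optional[dict]:
    """Return the 'Logger Details' key/value pairs as a dict with snake_case
    keys, or None when the text is not a MassLogger log."""
    m = BANNER_RE.search(text)
    if m is None or DETAILS_HEADER not in text:
        return None
    fields = {"version": m.group(1)}
    # Only the lines after the details header carry "Key: value" pairs.
    body = text.split(DETAILS_HEADER, 1)[1]
    for line in body.splitlines():
        # Split on the first colon only: the Windows path and the timestamps
        # contain further colons that belong to the value.
        key, sep, value = line.partition(":")
        if not sep or not key.strip():
            continue
        fields[key.strip().lower().replace(" ", "_")] = value.strip()
    # Normalise the one boolean field so callers can test it directly.
    if "as_administrator" in fields:
        fields["as_administrator"] = fields["as_administrator"].lower() == "true"
    return fields


def triage_indicators(fields: dict) -> dict:
    """Pick out the values an analyst pivots on: the stealer's binary path,
    the victim's external IP (obtained via the IP-lookup web service), the
    exfiltration interval and whether the stealer ran elevated."""
    return {
        "version": fields.get("version"),
        "process_path": fields.get("masslogger_process"),
        "external_ip": fields.get("ip"),
        "interval": fields.get("interval"),
        "elevated": fields.get("as_administrator", False),
    }


if __name__ == "__main__":
    parsed = parse_masslogger_log(SAMPLE_LOG)
    print(triage_indicators(parsed))
```

The parser deliberately partitions on the first colon only, since the process path ("C:\...") and the timestamps would otherwise be split; `triage_indicators` is what you would feed into a case note or a SIEM enrichment, and `elevated` being true here matches the report's "As Administrator: True".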

MITRE ATT&CK Matrix ATT&CK v6

Tactic              Technique                Signatures  ID
Credential Access   Credentials in Files     1           T1081
Collection          Data from Local System   1           T1005

Tasks