Overview

overview

10

Static

static

TECHNICAL SHEET.exe

windows7_x64

10

TECHNICAL SHEET.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TECHNICAL SHEET.exe

  • Size

    923KB

  • Sample

    200630-e91lsmmmna

  • MD5

    55126f1115a5e05fadd9d0f097273809

  • SHA1

    f95d9e0be8191a2b3657584e5bcab782c1e36882

  • SHA256

    d02c315a42a4a452a9e78011fbcce66f9f53bab788513d1b6f52e8fc70aa9f3c

  • SHA512

    c2a8637b29326c90f1f8c828f7c762d9be203c1192a09f208b79c1d8627f82cd155bb5b5ac8a1ebc27338e7ff502d9f23c9b79a805e6b675afb7cd6f33585bab

Score
10/10
massloggerransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\C8A579F880\Log.txt

Family

masslogger

Ransom Note
################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States OS: Microsoft Windows 7 Professional 64bit CPU: Persocon Processor 2.5+ GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 6/30/2020 8:43:02 AM MassLogger Started: 6/30/2020 8:42:56 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\TECHNICAL SHEET.exe MassLogger Melt: false MassLogger Exit after delivery: true As Administrator: True Processes:

Targets

    • Target

      TECHNICAL SHEET.exe

    • Size

      923KB

    • MD5

      55126f1115a5e05fadd9d0f097273809

    • SHA1

      f95d9e0be8191a2b3657584e5bcab782c1e36882

    • SHA256

      d02c315a42a4a452a9e78011fbcce66f9f53bab788513d1b6f52e8fc70aa9f3c

    • SHA512

      c2a8637b29326c90f1f8c828f7c762d9be203c1192a09f208b79c1d8627f82cd155bb5b5ac8a1ebc27338e7ff502d9f23c9b79a805e6b675afb7cd6f33585bab

    Score
    10/10
    ransomwarespywarestealermasslogger

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks