masslogger

General

Target

c56b8249e2d2be73d21bd63af677772e.exe
Size

1.1MB
Sample

200731-8x5sj6td2n
MD5

c56b8249e2d2be73d21bd63af677772e
SHA1

af5308028d7432d264a27218c79e9870d17c724e
SHA256

2323b4b4394b43e7b111f83e2f487238bdfa3ce99215309a7f86cac39be51235
SHA512

7a4ab7778aace5574c27b9fde6f477a1f446973675e2b0e863467ce5e6e64039fda150d4506e65eede3c50d7490917d20830d0cb18bdf1d6826b34a64b42759d

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\E2C1E8F1FA\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 7 Professional 64bit CPU: Persocon Processor 2.5+ GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 7/31/2020 8:36:43 AM MassLogger Started: 7/31/2020 8:36:37 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Roaming\appdata\hfsjrifske.exe As Administrator: True

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\480F96756F\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.3.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.51 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Persocon Processor 2.5+ GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 7/31/2020 8:36:33 AM MassLogger Started: 7/31/2020 8:36:30 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Roaming\appdata\hfsjrifske.exe As Administrator: True

Extracted

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
clerf@keithwilliamgroup.com
Password:
?SqRS*vtmraMf

Targets

- Target
  
  c56b8249e2d2be73d21bd63af677772e.exe
- Size
  
  1.1MB
- MD5
  
  c56b8249e2d2be73d21bd63af677772e
- SHA1
  
  af5308028d7432d264a27218c79e9870d17c724e
- SHA256
  
  2323b4b4394b43e7b111f83e2f487238bdfa3ce99215309a7f86cac39be51235
- SHA512
  
  7a4ab7778aace5574c27b9fde6f477a1f446973675e2b0e863467ce5e6e64039fda150d4506e65eede3c50d7490917d20830d0cb18bdf1d6826b34a64b42759d
Score

10^/10

ransomware upx spyware stealer masslogger
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger log file
  Detects a log file produced by MassLogger.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

MassLogger log file

Executes dropped EXE

UPX packed file

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2