Rewterz Threat Alert – MassLogger Malware – Active IOCs

Severity

High

Analysis Summary

MassLogger is a .NET keylogger and credential stealer. Its prime objective is data extraction or information theft, such as bank account and/or credit card details. The malware was published in April 2020 and was offered on underground forums for a moderate price with a few licence choices. Execution starts with a launcher that employs rudimentary anti-debugging techniques, which may be readily bypassed if detected. Eventually, the first-stage loader XOR-decrypts the second-stage assembly, which then decrypts, loads, and executes the final MassLogger payload.
MassLogger targets a wide range of apps to steal log-in credentials and other sensitive information. It obtains and exfiltrates user credentials from a variety of sources, including Microsoft Outlook, Google Chrome, Mozilla Firefox, and instant messengers.

Impact

  • Financial Theft
  • Information Theft

Indicators of Compromise

MD5

  • 0265996f2e742cdfdddd516ef67bfe77

SHA-256

  • 7f5b4abedcc3406fb5405a44e3f655cf8c1683c05baf0afbc32a3042a29439ff

SHA-1

  • 4e0f77480643764caf618695af58360f5f3e2ee6

Remediation

  • Block the threat indicators at their respective controls.
  • Search for IOCs in your environment.