Rewterz

Rewterz Threat Alert – MassLogger Malware – Active IOCs

Severity

High

Analysis Summary

MassLogger is a .NET credential stealer with keylogging capability. Its primary objective is information theft, such as bank account and credit card details. The malware was released in April 2020 and offered for a moderate price on underground forums with a few licence options. Execution starts with a launcher that employs rudimentary anti-debugging techniques which are readily bypassed once detected. The first-stage loader then XOR-decrypts the second-stage assembly, which in turn decrypts, loads, and executes the final MassLogger payload.
MassLogger targets a wide range of applications to steal login credentials and other sensitive information. It harvests and exfiltrates user credentials from sources including Microsoft Outlook, Google Chrome, Mozilla Firefox, and instant messaging clients.

Impact

  • Financial Theft
  • Information Theft

Indicators of Compromise

MD5

  • 1e3b9b3c9243ad08a9a71c1c5815b194
  • a393679a29046acea89136e6924c3e19
  • ca6a0d1a61d47ca4b6e9ea29bb5a357a

SHA-256

  • 3d075bfc29b9d4f17ac60eea8e58a1ebe94f2af614e1637e591799338984750b
  • 711d00503de479cd6ffd1492e2d42eecd96c9a946c0d6bb088dd37c696a76f00
  • d8c010b7d4e2b63ed74a680750f3671ba6674e9c51eb061e610f1ed72ba63f1e

SHA-1

  • 54e370ed00b51781d527f0d09f3ee69245d2d46f
  • df345f6ee3e546d6d9320dc68482f0cc643ffed5
  • 890525244230e81fddf090a13b0502132626bcdf

Remediation

  • Block the threat indicators at their respective controls.
  • Search for IOCs in your environment.
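To act on the second remediation item, the following added example (not part of the Rewterz alert) walks a directory tree, hashes every file once with MD5, SHA-1 and SHA-256, and reports any file whose digest matches one of the indicators listed above; the directory to scan is an assumption supplied by the caller.

```python
"""Scan a directory tree for files matching the MassLogger hash indicators above."""
import hashlib
import os

# Indicators copied from the alert, grouped by algorithm (lowercase hex).
MASSLOGGER_IOCS = {
    "md5": {
        "1e3b9b3c9243ad08a9a71c1c5815b194",
        "a393679a29046acea89136e6924c3e19",
        "ca6a0d1a61d47ca4b6e9ea29bb5a357a",
    },
    "sha1": {
        "54e370ed00b51781d527f0d09f3ee69245d2d46f",
        "df345f6ee3e546d6d9320dc68482f0cc643ffed5",
        "890525244230e81fddf090a13b0502132626bcdf",
    },
    "sha256": {
        "3d075bfc29b9d4f17ac60eea8e58a1ebe94f2af614e1637e591799338984750b",
        "711d00503de479cd6ffd1492e2d42eecd96c9a946c0d6bb088dd37c696a76f00",
        "d8c010b7d4e2b63ed74a680750f3671ba6674e9c51eb061e610f1ed72ba63f1e",
    },
}


def hash_file(path, chunk_size=1 << 20):
    """Return {"md5", "sha1", "sha256"} digests of one file, read in chunks."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_digests(digests, iocs=MASSLOGGER_IOCS):
    """Return [(algorithm, digest), ...] for every digest that hits an indicator."""
    return [(algo, d) for algo, d in digests.items() if d.lower() in iocs.get(algo, set())]


def scan_tree(root, iocs=MASSLOGGER_IOCS):
    """Walk root and return {path: [(algorithm, digest), ...]} for matching files."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable or special file: skip rather than abort the scan
            matched = match_digests(digests, iocs)
            if matched:
                hits[path] = matched
    return hits
```

A hash hit identifies only the exact samples listed here; a recompiled or repacked build will not match, so treat a clean scan as one signal rather than proof of absence.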