History

anhqpho a1aea141a7 Update README.md		2021-02-22 22:10:15 +07:00
..
extras	MassLogger	2021-02-22 17:31:15 +07:00
README.md	Update README.md	2021-02-22 22:10:15 +07:00
config.txt	Create config.txt	2021-02-22 15:23:20 +07:00
network.txt	MassLogger	2021-02-22 17:31:15 +07:00
samples.md5	MassLogger	2021-02-22 17:31:15 +07:00
samples.sha1	MassLogger	2021-02-22 17:31:15 +07:00
samples.sha256	MassLogger	2021-02-22 17:31:15 +07:00

README.md

IoC for MassLogger

Malware analysis and more technical information at https://decoded.avast.io/anhho/masslogger-v3-a-net-stealer-with-serious-obfuscation/

Samples (SHA-256)
Network indicators

Samples (SHA-256)

56cdab11e53a0e5874133e04e90e5829f9d28a3cfd215a5f9e98c3b146bb3c1a
c5e4e3626c2df21cb71de5713203c3155481ac3a4e33642466b5c7fc8176bab2
1ddfb935de736c5e8bd07d909d08cfdf105cf45fbfd46801ff65d9bc0cf51ca7
167deeb9c2533a249de5795b2cda3213988a15f0e3adb1eb0ef097a5fedbf70b
972662b8c2761f8557a4db52c4b8cb9c10dd712eb49baa6cb6701c252382465a
772532344e2f49bc9e8bfa2c6d61f789617f7ecb01f26aa7ce6d672137718178
29afcbe8fc5da49fbce2da538821e1c6a806d6a640d68f995195ea271a5357e8
4fc8063a138a426737f939cc23844df0e3be3c2aaec043a5136bc8cccc065f60
93316169290f31a1aa2ed1613ee44f2e529238ca26600df07a8b0076c38bc146
8908918728286712e2f32e8319e75af0341d9c1bebe07ee460362d4752d6f1e8
6f026b437efabd6237c2cc0f0ba97efe67fbb3334a35a7c5ef4be4e893d5d110
569b8e82be35754c8d0f183c63f725863e04c7a72cccfb4368fc735c35a35a7b
c8f402b68c199a7dbc98c47d2bd23085dcdfa5fb4adeb8a43a319ef0dd5044e6
73c8b6f716d0e2a40f8a437ef14b90b160c3ac5da10469db0252075c112d74dd
2c72055f04248f5cd5a05d4929eabda0934d2575b92149f45001be5ca981584f
bb2b16143b3fbbfa756d74faa9ae92c2c06035a7100a5ed2b44bf6cf3ab9258a
7a8db30a1f86b7d4db0b9e10eea646d254fe9f235881a81f2fc21380f45b3051
982bd53341535ec66cae51fda4631f39ed9ba44947a783b5a2edf66daf28c7b3
658553ecc9631400e23f4a3ab88b8dd1f101a1e0d5bb61c434d332878a52c64d
03afa4fdd197b0fb7d20e26343cd6a84f42b2be0e8d9ba060f7f689cb17a8d52
478d137f1c915b24c799c9f1c81b4bd9adb423fe57e5c33addd3a6031f87aa47
3f83c090819bc1dd8a9c1db3588b51ecd839bf0ca85a21f552c4346abe09efdc
d1bea71bbdcf75f0b5f49cd0c4bca1fd70dc6ef44333e034e015c315ba4b408c
7b3491ec6132248cc30c29ee292849c1c2637eb8d52016f9f01d6124c1b9581b
16b7b4738aae90442e6d976ca8261e9941c894cb5630c2f474bba4ce0f164bea
c0bc32ac8075ff6d3c44a8579529f8e9363a9d8520db70ff0665ac83e96ca1fa
5a53fe3402bdeadc3050347b922358e1bc183210a6e69640e3df91018988274d
ef6e8e8d31d3167c9cd5d1b177950992d7cb8f9f3f4a363dd9a2e86d7653fa39
4437b68359985c54b9ca97444f4b3a8db6ac4ca90fa7312305123920e9daac02
56358232f7320b3ade07fed642a0520ac19f7d2e6ace6c23e59b10376d63c561
a6e82eb37aef00046c58cf6f57e011af918828ab590438ea97dcb1bf6aea6488
8546f91fbba81d6557a71098aa0bffe4ff17f85faa0458c45b9ed926eb371568
898303c2fbab7608e4a85fc9c6f38a75815c9e23bb0980415cc2a7fcff0fbf63
61312b72632f897fb5f36493f1e3696885674ef10cb8343520040194f340a92a
e32e29a9e0c222af6a2daa4cfc99df98d996f53fdf4f4d451021bb57fec68a83
518ac201abeaba51946729c18b4aa0f1d2b1ec93c5fb212245de658387738b1d
245e470d00a4da06a576ddee4bf9c0f03a8bb1084f2059b19c988d8bd7e78b7c
49b58c17a00fcc1f2f5b54d7ea4a51de450357771cc796b1c0ec2511bfebb234
e0e6e90b952c07f8b8793b47d13fec103295cc5f299774686c4e09761226640d

Network indicators

FTP

fxp://alvorkitecenter[.]com
fxp://med-star[.]gr
fxp://ftp.ayudasaudiovisuales[.]com
fxp://st05[.]net
fxp://ecurs[.]ro

SMTP

pop@bals.gq
rakplant@emirates.net.ae
adonilifranky@gmail.com
rakplant@eim.ae
Williamslucy570@gmail.com
henryresult@yandex.com
info@beljemi.com
nwamalog@hisensetech.ml
nwama@hisensetech.ml
jaleel.rehman@osaimiengineering.com.sa

HTTP

hxxps://bradbo[.]life/mass/?/upload
hxxps://www.med-star[.]gr/panel/?/login
hxxps://server295[.]web-hosting[.]com

README.md

IoC for MassLogger

Table of Contents

Samples (SHA-256)

MassLogger binary and related files

Network indicators

FTP

SMTP

HTTP