Rewterz Threat Alert – Lazarus APT Group – Active IOCs
August 18, 2022
Rewterz Threat Alert – LokiBot Malware – Active IOCs
August 18, 2022
Severity
High
Analysis Summary
MassLogger is a .NET credential stealer and keylogger. Its primary objective is data exfiltration and information theft, in particular bank account and credit card details. The malware first appeared in April 2020 and was sold on underground forums at a moderate price with several licence options. Execution starts with a launcher that employs rudimentary anti-debugging techniques, which are readily bypassed once identified. The first-stage loader then XOR-decrypts the second-stage assembly, which in turn decrypts, loads, and executes the final MassLogger payload.
MassLogger targets a wide range of applications to steal login credentials and other sensitive information. It harvests and exfiltrates credentials from sources including Microsoft Outlook, Google Chrome, Mozilla Firefox, and instant-messaging clients.
Impact
- Financial Theft
- Information Theft
Indicators of Compromise
MD5
- d617cfaf2f5cfcb5c50ecc28d0d02582
- eba4d2ae1e21dd2d6d8fffe408d6adbd
- 2bb1aa0fd3ba10b9da58570bdf755402
SHA-256
- 4a4d5455c9e941082c8c08a96102afc9d33abc40985bfcc00b6bee8c098066fd
- d4480d07c420969d1a3fa0f5520bc27017fca825b45ed625fe10a7f6f6852e84
- 98d37790e570afd49b7a00192019f6c9e7c84e96069da4daa1b64a6cc88695a8
SHA-1
- 63a2d370a2c0ef547cc7a78e220e0d9021e2b4a1
- ec8874543247658819ebd6dfbf8f14c2b4a4f0a3
- a31cb26e9cd88c0a26b576aa4f185ed5f5135fb4
Remediation
- Block the threat indicators at their respective controls.
- Search for IOCs in your environment.
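The following is an added example of the second remediation step (searching an environment for the listed hashes); it is not part of the Rewterz alert. The MD5, SHA-1 and SHA-256 values are copied from the alert above; the directory layout, file contents and the `demo()` helper are constructed here so the scanner can be exercised offline, and the sample IOC set used in the demo is likewise constructed because no harmless file can reproduce the real hashes.

```python
"""Hash-based IOC sweep for the MassLogger indicators in this alert.

Added example, not Rewterz code. Computes MD5, SHA-1 and SHA-256 in one pass per
file and reports any file whose digest appears in the indicator set.
"""
import hashlib
import io
import os
import tempfile

# Indicators of Compromise copied verbatim from the alert, keyed by hashlib name.
IOC_HASHES = {
    "md5": {
        "d617cfaf2f5cfcb5c50ecc28d0d02582",
        "eba4d2ae1e21dd2d6d8fffe408d6adbd",
        "2bb1aa0fd3ba10b9da58570bdf755402",
    },
    "sha1": {
        "63a2d370a2c0ef547cc7a78e220e0d9021e2b4a1",
        "ec8874543247658819ebd6dfbf8f14c2b4a4f0a3",
        "a31cb26e9cd88c0a26b576aa4f185ed5f5135fb4",
    },
    "sha256": {
        "4a4d5455c9e941082c8c08a96102afc9d33abc40985bfcc00b6bee8c098066fd",
        "d4480d07c420969d1a3fa0f5520bc27017fca825b45ed625fe10a7f6f6852e84",
        "98d37790e570afd49b7a00192019f6c9e7c84e96069da4daa1b64a6cc88695a8",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256")


def digest_stream(fh, chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for a binary stream, reading it only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Convenience wrapper: digests of an in-memory byte string."""
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    """Digests of a file on disk; raises OSError if it cannot be read."""
    with open(path, "rb") as fh:
        return digest_stream(fh)


def match_iocs(digests, iocs=IOC_HASHES):
    """Return [(algorithm, hexdigest), ...] for every digest found in the IOC set."""
    return [(alg, value) for alg, value in digests.items()
            if value in iocs.get(alg, set())]


def scan_tree(root, iocs=IOC_HASHES):
    """Walk `root` and return {path: matches} for files that hit an indicator.

    Unreadable files (permission errors, vanished temp files) are skipped
    rather than aborting the sweep.
    """
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                matches = match_iocs(digest_file(path), iocs)
            except OSError:
                continue
            if matches:
                hits[path] = matches
    return hits


def demo(root=None):
    """Constructed end-to-end run (hypothetical helper, not from the alert).

    Writes two harmless files, builds a constructed IOC set containing the
    SHA-256 of one of them, and scans. Returns (hits, planted_path, root).
    """
    root = root or tempfile.mkdtemp(prefix="ioc_demo_")
    planted = os.path.join(root, "sample.bin")
    with open(planted, "wb") as fh:
        fh.write(b"constructed sample file, not a real MassLogger artefact\n")
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"benign file\n")
    constructed_iocs = {"sha256": {digest_file(planted)["sha256"]}}
    return scan_tree(root, constructed_iocs), planted, root


if __name__ == "__main__":
    found, planted_file, demo_root = demo()
    print("constructed IOC set hits:", found)
    print("real alert IOC set hits in demo tree:", scan_tree(demo_root))
```

Point `scan_tree()` at download folders, mail attachment caches or a mounted disk image to sweep with the alert's real indicators; a single read per file keeps the cost the same whether one or three hash types are in use. Hash matching only catches the exact samples listed, so treat an empty result as "these specific files are absent", not as proof the host is clean.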