August 25, 2022
Severity
High
Analysis Summary
MassLogger is a .NET keylogger and credential stealer. Its primary objective is information theft, such as bank account and credit card details. The malware was published in April 2020 and was offered on underground forums for a moderate price with a few licence options. Execution starts with a launcher that employs rudimentary anti-debugging techniques, which are easily bypassed once detected. The first-stage loader then XOR-decrypts the second-stage assembly, which in turn decrypts, loads, and executes the final MassLogger payload.
MassLogger targets a wide range of applications to steal login credentials and other sensitive information. It harvests and exfiltrates user credentials from a variety of sources, including Microsoft Outlook, Google Chrome, Mozilla Firefox, and instant messengers.
Impact
- Financial Theft
- Information Theft
Indicators of Compromise
MD5
- 1e3b9b3c9243ad08a9a71c1c5815b194
- a393679a29046acea89136e6924c3e19
- ca6a0d1a61d47ca4b6e9ea29bb5a357a
SHA-256
- 3d075bfc29b9d4f17ac60eea8e58a1ebe94f2af614e1637e591799338984750b
- 711d00503de479cd6ffd1492e2d42eecd96c9a946c0d6bb088dd37c696a76f00
- d8c010b7d4e2b63ed74a680750f3671ba6674e9c51eb061e610f1ed72ba63f1e
SHA-1
- 54e370ed00b51781d527f0d09f3ee69245d2d46f
- df345f6ee3e546d6d9320dc68482f0cc643ffed5
- 890525244230e81fddf090a13b0502132626bcdf
Remediation
- Block the threat indicators at their respective controls.
- Search for IOCs in your environment.
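One way to carry out the second remediation step on a host is to hash every file under a directory tree and compare the digests against the MD5, SHA-1 and SHA-256 values listed above. The script below is an added example, not Rewterz tooling; the `hash_file` and `scan` names are hypothetical, and the IOC set is the one printed in this alert.

```python
import hashlib
from pathlib import Path

# IOCs from the alert above, keyed by algorithm and normalised to lowercase hex.
IOCS = {
    "md5": {
        "1e3b9b3c9243ad08a9a71c1c5815b194",
        "a393679a29046acea89136e6924c3e19",
        "ca6a0d1a61d47ca4b6e9ea29bb5a357a",
    },
    "sha1": {
        "54e370ed00b51781d527f0d09f3ee69245d2d46f",
        "df345f6ee3e546d6d9320dc68482f0cc643ffed5",
        "890525244230e81fddf090a13b0502132626bcdf",
    },
    "sha256": {
        "3d075bfc29b9d4f17ac60eea8e58a1ebe94f2af614e1637e591799338984750b",
        "711d00503de479cd6ffd1492e2d42eecd96c9a946c0d6bb088dd37c696a76f00",
        "d8c010b7d4e2b63ed74a680750f3671ba6674e9c51eb061e610f1ed72ba63f1e",
    },
}


def hash_file(path, algorithms=("md5", "sha1", "sha256")):
    """Return {algorithm: hexdigest} for one file. The file is read in 1 MiB
    chunks and all digests are updated in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan(root, iocs=IOCS):
    """Walk `root` recursively and return [(path, algorithm, digest)] for every
    file whose digest is in `iocs`. Unreadable files (locked, permission
    denied) are skipped so one bad file does not abort the whole scan."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        try:
            digests = hash_file(path, tuple(iocs))
        except OSError:
            continue
        for algo, digest in digests.items():
            if digest.lower() in iocs[algo]:
                hits.append((str(path), algo, digest))
    return hits
```

Run `scan("/path/to/check")` and treat any returned tuple as a confirmed match for the listed indicators; an empty list only means none of these specific hashes were found, not that the host is clean.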