MassLogger is malware written in .NET that is designed to steal credentials and act as spyware. It is modular, with a number of modules available for various purposes. Packers are typically used to help evade detection, and some anti-debugging techniques are employed to make analysis more difficult. Process injection is used to make the malware fileless, so that it exists only in memory. The variant analysed by G DATA for their report used SMTP to exfiltrate data to a C&C server. It can also be configured to use FTP for data exfiltration.
Block all threat indicators at your respective controls.
Search for IOCs in your environment.
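One way to hunt for the SMTP and FTP exfiltration channels described above, as an added example that is not taken from the G DATA report: flag outbound connections to mail or FTP ports from any process that is not an approved client. The allowlist, host names, paths and events are constructed for illustration; the field names assume Sysmon Event ID 3 (network connection) records.

```python
# Added example: hunt Sysmon-style network events for SMTP/FTP egress
# from processes that are not approved mail or FTP clients.

# Ports for the two exfiltration channels the report names.
EXFIL_PORTS = {25: "SMTP", 465: "SMTP", 587: "SMTP", 21: "FTP"}

# Assumption: site-specific allowlist, keyed on full path (lowercase) so a
# binary that merely borrows a client's file name is still flagged.
APPROVED_CLIENTS = {
    r"c:\program files\microsoft office\root\office16\outlook.exe",
    r"c:\program files\filezilla ftp client\filezilla.exe",
}

# Constructed sample events (field names follow Sysmon Event ID 3).
SAMPLE_EVENTS = [
    {"Computer": "WS-014", "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationIp": "203.0.113.10", "DestinationPort": "587"},
    {"Computer": "WS-014", "Image": r"C:\Users\alice\AppData\Roaming\invoice.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": "587"},
    {"Computer": "WS-022", "Image": r"C:\Users\bob\AppData\Local\Temp\outlook.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": "465"},
    # A legitimate system binary: an injected host process looks like this.
    {"Computer": "WS-031", "Image": r"C:\Windows\System32\notepad.exe",
     "DestinationIp": "198.51.100.9", "DestinationPort": "21"},
    {"Computer": "WS-031", "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationIp": "203.0.113.44", "DestinationPort": "443"},
]

def hunt(events, approved=APPROVED_CLIENTS):
    """Return one finding per SMTP/FTP connection made by a non-approved image."""
    findings = []
    for ev in events:
        try:
            port = int(ev["DestinationPort"])
        except (KeyError, TypeError, ValueError):
            continue  # malformed record: skip rather than abort the hunt
        proto = EXFIL_PORTS.get(port)
        if proto is None or (ev.get("Image") or "").lower() in approved:
            continue
        findings.append({"host": ev.get("Computer"), "image": ev.get("Image"),
                         "proto": proto, "dest": f'{ev.get("DestinationIp")}:{port}'})
    return findings

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f'{f["host"]}: {f["image"]} -> {f["dest"]} ({f["proto"]})')
```

Matching on an allowlist of client paths rather than on a known-bad file name keeps the hunt useful when the payload runs injected inside a legitimate process.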