
Cybercrime, MassLogger hits again in an international campaign

Technical analysis by the Malware Hunter JAMESWT

MassLogger hits organizations again in an international campaign. The attachments start the malware infection chain

MassLogger hits again with a targeted campaign against organizations. New emails are in the wild that exploit real companies as a lure to get the victim to open the malicious attachments. The attachments are all compressed files. Some contain a JavaScript file; others contain an .exe or a .bat file. These start the infection chain by downloading the encrypted malware, which is then decoded and made operative. MassLogger is a keylogger that steals login credentials and sensitive data and transmits them to C2 servers via FTP. According to Italian CERT-AgID cyber security experts, the latest campaign has so far targeted:

Austria

Belgium

Czech Republic

Denmark

France

United Kingdom

Germany

Italy

The Netherlands

Spain

United States
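As a defensive illustration of the attachment pattern described above (compressed files carrying a JavaScript, .exe or .bat file), the following added example, which is not part of the original analysis, flags such members in a mail attachment. It assumes the archive is a ZIP; other archive formats would need their own reader. The function names, size and depth limits, and sample file names are constructed for the example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Member types the article names as starting the infection chain.
RISKY_EXTENSIONS = {".js", ".exe", ".bat"}
MAX_DEPTH = 3                  # assumed limit on nested archives
MAX_NESTED_BYTES = 20_000_000  # assumed cap before unpacking a nested archive


def flag_members(data: bytes, depth: int = 0, prefix: str = "") -> list[str]:
    """Return paths of archive members whose final extension is risky."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a ZIP: out of scope for this example
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            # Only the last suffix decides how the file is opened,
            # so "Quotation.pdf.exe" counts as an executable.
            suffix = PurePosixPath(info.filename.lower()).suffix
            if suffix in RISKY_EXTENSIONS:
                hits.append(path)
            elif (suffix == ".zip" and depth < MAX_DEPTH
                  and info.file_size <= MAX_NESTED_BYTES):
                hits += flag_members(archive.read(info), depth + 1, path + "!")
    return hits


def build_sample(members: dict[str, bytes]) -> bytes:
    """Build a constructed ZIP in memory with harmless placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    inner = build_sample({"Order.BAT": b"placeholder"})
    sample = build_sample({
        "Quotation.pdf.exe": b"placeholder",
        "notes.txt": b"placeholder",
        "docs/more.zip": inner,
    })
    for hit in flag_members(sample):
        print("flag:", hit)
```

A hit is a reason to quarantine the message for analysis, not a verdict: the check looks only at member names and does not inspect file contents.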

The PowerShell Script to start the malware infection in the Italian chapter of the campaign

DNS HTTP/HTTPS requests / Connection

 
