Technical analysis by the Malware Hunter JAMESWT

New cybercrime campaign to convey MassLogger. The bait is always false invoices. The .doc file contacts a link from which the malware is downloaded

MassLogger still attacks with the usual fake invoice bait coming from a real company. The attachment contains a .doc file which, if opened, contacts a link from which the malware is downloaded. This is a keylogger that steals login credentials and sensitive data, which are transmitted to C2 servers via smtp.

The fake mail from the real company

The flow of data exfiltrated via SMTP

DNS HTTP/HTTPS requests / Connection