Masslogger Fileless Variant – Spreads via .VBE, Hides in Registry
ID: 575daff1-ff8f-5477-b463-d7f9f119fafd
STIX ID: report--575daff1-ff8f-5477-b463-d7f9f119fafd
Feed Name: Seqrite Blog
This report analyzes a fileless Masslogger credential-stealer variant distributed via encoded VBScript (.VBE/.VBS). The script writes obfuscated stagers and a segmented payload into HKCU registry keys, persists via a scheduled task, loads .NET assemblies in memory (stager-1 -> stager-2), and uses process hollowing to inject the final Masslogger payload into AddInProcess32.exe. The payload exfiltrates harvested browser/email credentials and system data via FTP, SMTP or Telegram. The report includes MD5 hashes, a hardcoded URL, Seqrite detections and MITRE ATT&CK mappings to aid detection and response.
