General

  • Target

    ZWiW2Y27HUjCG5Y.exe

  • Size

    1.1MB

  • Sample

    200709-6jhapqbd3n

  • MD5

    a1c4c357d66c06dab0cabe3803e4ba48

  • SHA1

    b665fe8a7806111221819df058202508bbfaea12

  • SHA256

    b7e415a16cfc8d84c09f105709910d808f0ad13e64c7feb4169b135fe57c7f99

  • SHA512

    b39066bc46e18c469ccae10ea33077d999ea1f48c97af662a15e4ab905033ab12ce02c000f6635c55fb854ff27baf6f62c9b373927f3e16b4f9e3d1a5f4a84b0

Malware Config

Targets


    • MassLogger

      MassLogger is a .NET stealer that targets passwords stored by web browsers, email clients and cryptocurrency clients.

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks