General

  • Target

    jIKCcfIsjpcUSjM.exe

  • Size

    1.0MB

  • Sample

    200709-713a9qc81e

  • MD5

    e0f5a9692b13a65f4ed7a92449c4f6cc

  • SHA1

    d37be284e64870fbb6c398bfe2fc97fcbcaadeb1

  • SHA256

    96425dbadde8f6374899265654e2e0d7e471c756c34dff01f7d5ab08cb0c6a23

  • SHA512

    d91777c4b94768a5cfebed8fbb99b4f19ebd8e0dd7ffd1bbe8b01aa2e045968433dd10dbfe20aa97ccfbeb0e5bcba5f5c23d0be525d12cacb3dc357697dc361a

Targets

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
