General

  • Target

    PpmL6iWndhgWrcD.exe

  • Size

    1.1MB

  • Sample

    200709-prcy6txx3a

  • MD5

    df2db4f9f94ff52505e05dc746a8d121

  • SHA1

    6b846e1e87e4fb5af5e00e043df316e0a8be15ac

  • SHA256

    2e5c6ecfef94f9922f152344b96041b85bf2dc01136e921e2d8c644d903b708d

  • SHA512

    b97bc9287f4cce5d1710d2f687c5a4023e9a6bcf92b19bab9dfadce8e13b901e2b070221e4477963fe7576fadf96b2856b8c3dd06297532b4010ece74fdc9794

Malware Config

Targets

    • MassLogger

      MassLogger is a .NET infostealer that harvests saved passwords from web browsers, email clients and cryptocurrency clients.

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies and similar data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks