General

  • Target

    SecuriteInfo.com.Artemis770794B83E35.3724

  • Size

    425KB

  • Sample

    201124-rhrw3p2fqn

  • MD5

    770794b83e35334b509c03028e6e9867

  • SHA1

    4c33e182fd061c32ca07998ea9c400f4461dc7ff

  • SHA256

    0cfaf73ddf6e3feddd2f730a8f047bb8e578fba3f39ea01393eba0fa80ebe13e

  • SHA512

    1191b9aa516c396788d8272ee41f684e68ebf870a5468eb7f313bced577bbe83c1a52b357200c305811d8a8aaac292ee5c468e6078f10546cd69cce99ca7e494

Targets

    • Target

      SecuriteInfo.com.Artemis770794B83E35.3724

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
