General

  • Target

    Bc.exe

  • Size

    424KB

  • Sample

    201124-sblaq4znkj

  • MD5

    ab5be19947a194e51f29f19188f314a6

  • SHA1

    f1a9c981746a0faf7439317224709edebb72ac26

  • SHA256

    b25aeadf9b7a24092bf9cc73be9f45ccfa08ac94c5a883aff2d8d8a5df68ffd9

  • SHA512

    3f4cc65e8f54973c70687d438fd205263c33babad4bf49921bd9177e586d444ab44eb2d41fd95acca6bf477e3e94260edd74a754288dd93a9515efe514891058

Targets

    • Target

      Bc.exe

    • MassLogger

      MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
