General

  • Target

    PO-7645785.scr

  • Size

    454KB

  • Sample

    201125-gbzq92fhfj

  • MD5

    ae1c8c22758c84c580e75ce6f1e19287

  • SHA1

    c879a01b916cc64b9f37f6458432ff8b337e4f91

  • SHA256

    9cab0d87fcf8728503b48e8a9a69552cbd46b32dc3ee1e29984d846cb3aa6818

  • SHA512

    c6874b1f8a11e955c69be79bea1f1149b12940255659df1d81a4edb690fe6aeee6e2c94c86fd6b4e25c42d056abe35bcf30c6b38c88e0841b950360b5d5cb363

Targets

    • MassLogger

      MassLogger is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
