General

  • Target

    9a82eb6f998fd55b7a33d3679cc90797.exe

  • Size

    428KB

  • Sample

    201125-nr9rwtzd8n

  • MD5

    9a82eb6f998fd55b7a33d3679cc90797

  • SHA1

    7bdeba3301dc7e5e931bbb44bdf83e457e2773b5

  • SHA256

    e95d8b2d7c80f9b47d7c3fb368256962c357404e85f45701a473b6354ca18133

  • SHA512

    05ccd5e1808aa62bb4c9fa6a8b96d2a4daf39bdd6b9bf1836d29e3c527180b796e029ef4cc459d7b75b70b8da0db2d58f99f5e6f6b7de773a6268daafe1fb8aa

Targets

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
