General

  • Target

    Document_BT24PDF.vbs

  • Size

    3KB

  • Sample

    201213-7mt6wadbds

  • MD5

    025b41f87e14cb954c4a059fbad4878e

  • SHA1

    a67752f5f90d3e7f08176d818390d479fe4061c1

  • SHA256

    4c02a2fad0d163c4e3ab8540c7d2bf8c9266424a4cbec17108f0105fc96cd26a

  • SHA512

    023119ed955108931f2f23c6bc8d703afb9e269cbd00e43d5581929259e9bc69cde7008efa60e97c59d6021a11bade092ce0661183c0e5386360f83e28733bdd

Targets

    • Target

      Document_BT24PDF.vbs

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
