General

  • Target

    Our New Order Jan 12 2020 at 2.30_PVV940_PDF.exe

  • Size

    651KB

  • Sample

    210112-pn3t57n9t2

  • MD5

    7baac165106087233cbc5e41ab1174e5

  • SHA1

    c4796a2d8612ef8dd11269641cb5cd532bea1256

  • SHA256

    b5a3cf350d8aa4afa017d90a37e3206574774eefc57c36da525a89606d704025

  • SHA512

    d7d6c9a2fcfd9563d6b7b7476e4d48649611bc94f397cb9e90313b994f2cac23987e3e4da6f698050967ccca10a2d0a14dd81b5215a1277faa08cab2ed8d70aa

Malware Config

Targets

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

  • Credentials in Files: T1081 (1)

Discovery

  • Query Registry: T1012 (1)

  • System Information Discovery: T1082 (1)

Collection

  • Data from Local System: T1005 (1)

Tasks