Description
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
DHL_January 2020 at 13M_9B7290_PDF.exe
General
Target
Size
Sample
DHL_January 2020 at 13M_9B7290_PDF.exe
736KB
210113-vep4mf82p6
Score
10 /10
MD5
SHA1
SHA256
SHA512
b9ca60bd296e8b80185f531b8fd82a8b
39b868b11fe71cc7d0bbb88f3ebb8198648808cc
a39304a39ad9b9427b000045f7f5c60ed7790fe1a79d604ba9379bb94c0da593
1ab95c7f9c8b5db41d4161b0694545b25a758b3222b6fbfd47123f0c622c2ddfe7574f31026d646d0d026bff77a4c30b7e1e9a03c90925fcdba5f268af0c734e
Malware Config
Targets
Target
MD5
Filesize
DHL_January 2020 at 13M_9B7290_PDF.exe
b9ca60bd296e8b80185f531b8fd82a8b
736KB
Score
10 /10
SHA1
SHA256
SHA512
39b868b11fe71cc7d0bbb88f3ebb8198648808cc
a39304a39ad9b9427b000045f7f5c60ed7790fe1a79d604ba9379bb94c0da593
1ab95c7f9c8b5db41d4161b0694545b25a758b3222b6fbfd47123f0c622c2ddfe7574f31026d646d0d026bff77a4c30b7e1e9a03c90925fcdba5f268af0c734e
Tags
Signatures
-
MassLogger
-
MassLogger Main Payload
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Looks up external IP address via web service
Description
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks