General

  • Target

    3364c1c123ca6adae8e0787bb787a6189769d18e220807f3d8654f6a9d201979

  • Size

    1024KB

  • Sample

    220319-2makcsbcg8

  • MD5

    fd7ad7a7bcb966a445c73988c01762ab

  • SHA1

    25bf12dfe7cd9b87bd4bcd1eed99d87c1885495c

  • SHA256

    3364c1c123ca6adae8e0787bb787a6189769d18e220807f3d8654f6a9d201979

  • SHA512

    7b3abca286ad20e26c109cda99bb6fcc31b05f9f5c617788219d9d1a93abad8a152b960e3bdf6a3bb7a6e6744d80ff327b81bfedb6f45e9bbf509510c01ecaee

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.accent.in
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    sp@123456

Targets

    • Target

      3364c1c123ca6adae8e0787bb787a6189769d18e220807f3d8654f6a9d201979

    • Size

      1024KB

    • MD5

      fd7ad7a7bcb966a445c73988c01762ab

    • SHA1

      25bf12dfe7cd9b87bd4bcd1eed99d87c1885495c

    • SHA256

      3364c1c123ca6adae8e0787bb787a6189769d18e220807f3d8654f6a9d201979

    • SHA512

      7b3abca286ad20e26c109cda99bb6fcc31b05f9f5c617788219d9d1a93abad8a152b960e3bdf6a3bb7a6e6744d80ff327b81bfedb6f45e9bbf509510c01ecaee

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks