General

  • Target: 5dbfd4aa7cb80df7ed65e8f9f0acb5472d6c5733050869aa2d906410cd8e26a0
  • Size: 5.9MB
  • Sample: 220319-s2c5csche3
  • MD5: 5d57f6237b49ba2e2d65dbf436177e06
  • SHA1: 62d43dbeabfef6727bdf86ce7021ea0eaf79ee23
  • SHA256: 5dbfd4aa7cb80df7ed65e8f9f0acb5472d6c5733050869aa2d906410cd8e26a0
  • SHA512: 0dd0c60bd5128167c508399e079d0bf253935ac6d8a39fdf8a6ed7e984c3302d8b4abc07ecb043b65597fd5449927705d15bb11176f4ce86772caad70d76fcbe

Targets

    • MassLogger: MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
    • MassLogger Main Payload
    • Modifies WinLogon for persistence
    • Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
    • Drops startup file
    • Adds Run key to start application
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext
