General

  • Target

    5de9eb96e1e47a35585e0eb77d4b2567c87d57812fdde90ecb62d3d9f9a81e8e

  • Size

    5.9MB

  • Sample

    220319-v6e6maeghm

  • MD5

    502651f64975fefea89045df9c37af20

  • SHA1

    3211c3ca578bf5c258608627662c851eb008b248

  • SHA256

    5de9eb96e1e47a35585e0eb77d4b2567c87d57812fdde90ecb62d3d9f9a81e8e

  • SHA512

    1b22d2aff226a9bab3d75d841ae949be0614faaea9ad0a3bfd3a50710d4a0b87b9564119a88da9beda24cc15ceed75e7cd5cfea48a261e11a74e167224790efb

Targets

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
