General

  • Target

    d9a709e5bd3a4df4c940612173b9c74837aa24fffba996cd7bf16a9c3c9d2c55

  • Size

    486KB

  • Sample

    220319-x2ytaagfdl

  • MD5

    02873476a02f4fc6fa52b7d214108e2e

  • SHA1

    d41808470a10a708caf99bb55265994fa621ebc8

  • SHA256

    d9a709e5bd3a4df4c940612173b9c74837aa24fffba996cd7bf16a9c3c9d2c55

  • SHA512

    7ccb14fbe6d636416cbd2014eba74e3e7206a16bdafa851b725463a3171b7c8d73cd4fffea093edebe549fd13fe4236153a948667fcb11a92e239c14b3f700e8

Targets

    • Target

      d9a709e5bd3a4df4c940612173b9c74837aa24fffba996cd7bf16a9c3c9d2c55

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
