General

  • Target

    bb56979fa2622c499b6de2dbee183d7f4a432a1f31cf149b07abcb32cfe1a862

  • Size

    978KB

  • Sample

    220320-a4j2ksdda6

  • MD5

    aa1aa2d0307474108a549350c03ec3d5

  • SHA1

    b86a42187c3232317f6caf43b10b77fdceaea89e

  • SHA256

    bb56979fa2622c499b6de2dbee183d7f4a432a1f31cf149b07abcb32cfe1a862

  • SHA512

    3d19b96bfb25952c0d4eb86a5bbc5649f696fa7ab2701bdbfa08ad430cdda70232275a697f5a73bca7e6c2f7e37a5f0fb2522683c755ea04f0d46d89556d9ab0

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.accent.in
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    sp@123456

Targets

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks