General

  • Target

    7f3d79e67f7ffcb7576162e579b64c28124230907e49d0adbd5d7c072f3e818f

  • Size

    5.6MB

  • Sample

    220320-aepwjacgf9

  • MD5

    7bedf14ca5899a134b977c1ff888a44d

  • SHA1

    be5ded5084d40291f748323fd615afdee7893a24

  • SHA256

    7f3d79e67f7ffcb7576162e579b64c28124230907e49d0adbd5d7c072f3e818f

  • SHA512

    3790b2cfe16c426f0c11db923621f3ef9b033d9477c29d99afdb7ec04d64fa7be335717bc5098a5a485c07722c259025ce07319096e940eee9fdc2e29b8929b9

Targets

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
