General

  • Target

    2de28a8bb0865b0d378c409279bc68671b2f8ca916a6fa54a1488542810cc0c1

  • Size

    1002KB

  • Sample

    220320-bbqjbsdfcn

  • MD5

    a8eb54cfdbabd3b91b313fe353191074

  • SHA1

    781a8e755076313748e8317ecf4e0c0a050da642

  • SHA256

    2de28a8bb0865b0d378c409279bc68671b2f8ca916a6fa54a1488542810cc0c1

  • SHA512

    4c807116a25467760c0ba42c65bfb1c563e07027ab7b777b8f5de3a17d45c66e3c4df61d9bb73699d1b84a0c6ee47e441a74b25a69ddff7061261a1e943cfc94

Malware Config

Extracted

Credentials

  • Protocol: smtp
  • Host: smtp.gmail.com
  • Port: 587
  • Username: [email protected]
  • Password: ayocj@2021

Targets

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks