General

  • Target

    0cc24b8e311a128fec1325c66d975a8df6d35c7dd8777a6cc4eeb3e0f470b720

  • Size

    5.5MB

  • Sample

    220320-c5lmxafdbq

  • MD5

    a2e1aed4ea11e7c7c830ffbc23359efa

  • SHA1

    9d74eaadaaf0483ceed4ecdb098d155ce66ce53f

  • SHA256

    0cc24b8e311a128fec1325c66d975a8df6d35c7dd8777a6cc4eeb3e0f470b720

  • SHA512

    32c6e101d3559890184261a2a0c95adeac6b3e9822a86beb65aefa9c81a86da9e1814113d733b99e6f36b7083e2665d5d1594b63dc9ac611b43fad9c769ce831

Malware Config

Targets

    • Target

      0cc24b8e311a128fec1325c66d975a8df6d35c7dd8777a6cc4eeb3e0f470b720

    • Size

      5.5MB

    • MD5

      a2e1aed4ea11e7c7c830ffbc23359efa

    • SHA1

      9d74eaadaaf0483ceed4ecdb098d155ce66ce53f

    • SHA256

      0cc24b8e311a128fec1325c66d975a8df6d35c7dd8777a6cc4eeb3e0f470b720

    • SHA512

      32c6e101d3559890184261a2a0c95adeac6b3e9822a86beb65aefa9c81a86da9e1814113d733b99e6f36b7083e2665d5d1594b63dc9ac611b43fad9c769ce831

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks