General

  • Target

    eacbb4b23c004c8cf1e79b633472135ac9ae3cd7982a6868d6d7c1acec9b9717

  • Size

    1.4MB

  • Sample

    220320-dyre9agab4

  • MD5

    1f79d53f922e01e26f29a363eca1e01b

  • SHA1

    d1277ec8c0814e45bf5efc9b10d7cf73c33b7787

  • SHA256

    eacbb4b23c004c8cf1e79b633472135ac9ae3cd7982a6868d6d7c1acec9b9717

  • SHA512

    3a568223583126fb25d54c67a48500bfa00a7c9ed80973edc215e81c5a2992b3b05068a11976c91b8c4b5f5f347e38daf4d5842a186b8aa8cca8dcd3368b308a

Targets

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
