General

  • Target

    90727a7eb845362cee15e9ba91eb41597f122a94c97648db57e648298deb98a6

  • Size

    1.1MB

  • Sample

    220324-3e4c5scffr

  • MD5

    3e55b3d9f4801b7e06e5c93b39c0dfb6

  • SHA1

    0ce465155d2a6f219fa3c9c5e4b4f8c5bc7a9bda

  • SHA256

    90727a7eb845362cee15e9ba91eb41597f122a94c97648db57e648298deb98a6

  • SHA512

    397dd541e8df6b3b1d3c6dcf2ee5563bd4497f78a781055bcd0b563e23b43eafef96cb8191854ef501b27dc6c44ee6d676052dfa3aa035878c86b0c9ac6523af

Targets

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
