General

  • Target

    159c3604b2029a44824b26b8817ed0dc0a12a8d4dcd2e23c379be8675aa93f0a

  • Size

    812KB

  • Sample

    220324-khgz7sbban

  • MD5

    9dc514d1bc3173d30f22c042ba8e74c3

  • SHA1

    630a31acafb13d1323c9432e58aed14df009cdbd

  • SHA256

    159c3604b2029a44824b26b8817ed0dc0a12a8d4dcd2e23c379be8675aa93f0a

  • SHA512

    b812f8db5eed8983ff1521a4aa4586d5dd77355d89d50de366cd75123a0244d69e7bf2b7b5b49e797031ffcef544c6fa891b2ef37f82133fe0e3c4856f331f81

Targets

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
