General

  • Target

    91c271a46e134739ff01742e9a788f69d4446cf049b4988ae162c44e412e4b0e

  • Size

    1.0MB

  • Sample

    220324-sww1aafegl

  • MD5

    c00d5af6a990f463462289f5570fc137

  • SHA1

    9712e15444dec4b77750f75f04955587b718e083

  • SHA256

    91c271a46e134739ff01742e9a788f69d4446cf049b4988ae162c44e412e4b0e

  • SHA512

    77933e87eda8a9edd21430743c62aca684d9cc0cc2dacdb50dc003902de9273b6b63e2211594267717bc01f597407416cec9e0963f303a6194e19320793d3442

Malware Config

Targets

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks