General

  • Target

    d37beb594fcaa19286989b9b1078d13a6681ccbf2bcf0baf6ed776eea752496d

  • Size

    3.6MB

  • Sample

    220324-ychansabeq

  • MD5

    f1a67248ce8149fab4b7906a2b76042d

  • SHA1

    750f264f45a4538aaa4ada80eee6f7b798013506

  • SHA256

    d37beb594fcaa19286989b9b1078d13a6681ccbf2bcf0baf6ed776eea752496d

  • SHA512

    7afd7274719e82690c3633f3d61abc12d30f3f036f2bca01c434012a6ffb743b953e43808d78fd61f98c280f0dc404c29235355732d2668f9cd991990e9c8935

Malware Config

Targets

    • MassLogger

      MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks