General

  • Target

    fef0548b857ed86dd3094a7d4f29129bbe20c4a8a68f4af112330ddab4d6e744

  • Size

    929KB

  • Sample

    220324-yhqh8sdfb5

  • MD5

    3a82674a82c6821e9983caba6eff0898

  • SHA1

    880893a2eea75aa04fa20c8a19a0fd214ed789cb

  • SHA256

    fef0548b857ed86dd3094a7d4f29129bbe20c4a8a68f4af112330ddab4d6e744

  • SHA512

    0c650837bf2e97c3146e2aabac891be25fc7f5b9fcdfb2b7f0cd9168ef178fffbdd6b07ca54a617ffa0dd2d6d04ae11bb5e5243e6c81d5cc3cb5ff6ab95a0050

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    ayocj@2021

Targets

    • Target

      fef0548b857ed86dd3094a7d4f29129bbe20c4a8a68f4af112330ddab4d6e744

    • Size

      929KB

    • MD5

      3a82674a82c6821e9983caba6eff0898

    • SHA1

      880893a2eea75aa04fa20c8a19a0fd214ed789cb

    • SHA256

      fef0548b857ed86dd3094a7d4f29129bbe20c4a8a68f4af112330ddab4d6e744

    • SHA512

      0c650837bf2e97c3146e2aabac891be25fc7f5b9fcdfb2b7f0cd9168ef178fffbdd6b07ca54a617ffa0dd2d6d04ae11bb5e5243e6c81d5cc3cb5ff6ab95a0050

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks