General

  • Target

    23d8d2ec5c74306a2a81f56ef2f5567e20426249cd3228cb5d57f6a353fcc998

  • Size

    1.2MB

  • Sample

    220325-hv9vmsfhcr

  • MD5

    ad610eb3869add43809e66ac3bba7ea2

  • SHA1

    9151b1c48efd4d6fd4f761cdfc7cdb09ebd99438

  • SHA256

    23d8d2ec5c74306a2a81f56ef2f5567e20426249cd3228cb5d57f6a353fcc998

  • SHA512

    f7c9ac07fafb5090720a260ec9e4b559a6c2dc725aa013a8e9fbe0035701b7d1b6739597c46d44bc6d7a8546c2a8ed6d7b912c130d1630e1cf179f4ac3d2946b

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    bh-58.webhostbox.net
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    7213575aceACE@#

Targets

    • MassLogger

      MassLogger is a .NET information stealer that targets passwords stored by web browsers, email clients and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks