General

  • Target

    9f2b4b2331d9d2dfa77ec994e4a53de1feb7474b6925cea7fb3228bb38aa3f9d

  • Size

    989KB

  • Sample

    220329-11wjbabhe4

  • MD5

    9cd6fdd143485cf45183f18df7d6fecf

  • SHA1

    6dff2477d44d9622ccde16b86daf53456b694d56

  • SHA256

    9f2b4b2331d9d2dfa77ec994e4a53de1feb7474b6925cea7fb3228bb38aa3f9d

  • SHA512

    239e32ab9682980c4d998e7ba4acbd278826f6c077ffdf8ae5cc54553786887b59ebb4a06da2ac7bf034cabc503f1f4ebdf9ab08df1686fbdaea5d226e1e336c

Malware Config

Targets

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks