General

  • Target

    1f63d3a280da9afc6349fb118e2d5a58510a3a64252353c080c552691b8bf8bd

  • Size

    949KB

  • Sample

    220329-13blxsbhg2

  • MD5

    88f2baa69f2b4ec126e84e5ba5b1dc9d

  • SHA1

    d712aac5fe35e60d48e935932b172beefff611db

  • SHA256

    1f63d3a280da9afc6349fb118e2d5a58510a3a64252353c080c552691b8bf8bd

  • SHA512

    1ee9e179de0f8181dcef9294c8f88b35ac8a6cc18edd7ab009cca91ef46f144f5a9fcf74f77b88e0b10308cb9aaef0a32343102f770b17f8b0e97678f666feeb

Malware Config

Targets

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks