General

  • Target

    9fa6c69b85fdf73724e8c5415686271b4142a20a64aef1e6c8c31887aad91a77

  • Size

    914KB

  • Sample

    220329-1tk41afhgn

  • MD5

    0f3c38dc04fae704e7835db67b86337b

  • SHA1

    94d7e2aafda6a765e0114b795f22795e0ce2eb3f

  • SHA256

    9fa6c69b85fdf73724e8c5415686271b4142a20a64aef1e6c8c31887aad91a77

  • SHA512

    91aab1d38c5aaa4c107088a14ae8cd3632e67118c2dd59002757f040c858e32657c775ff5565117e0d19b63887e1b4d0ef89402abe627c033521341fc8b3e296

Malware Config

Targets

    • Target

      9fa6c69b85fdf73724e8c5415686271b4142a20a64aef1e6c8c31887aad91a77

    • Size

      914KB

    • MD5

      0f3c38dc04fae704e7835db67b86337b

    • SHA1

      94d7e2aafda6a765e0114b795f22795e0ce2eb3f

    • SHA256

      9fa6c69b85fdf73724e8c5415686271b4142a20a64aef1e6c8c31887aad91a77

    • SHA512

      91aab1d38c5aaa4c107088a14ae8cd3632e67118c2dd59002757f040c858e32657c775ff5565117e0d19b63887e1b4d0ef89402abe627c033521341fc8b3e296

    • MassLogger

      MassLogger is a .NET information stealer that targets credentials saved by web browsers, email clients and cryptocurrency wallets.

    • MassLogger Main Payload

    • Looks for VirtualBox Guest Additions in registry

      The presence of the Guest Additions registry key indicates the sample is running inside a VirtualBox guest, a common sandbox check.

    • Looks for VMware Tools registry key

      The VMware Tools key is checked for the same reason: if it exists, the sample is almost certainly in a virtual machine.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence so the payload only runs in (or avoids) certain regions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a common step in process hollowing and similar code-injection techniques.
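The registry-based signatures above (the VirtualBox, VMware and BIOS checks, the country-code lookup and the drive enumeration) can be reproduced from a sandbox's registry trace. The following is an added example written for this page, not Triage's own signature logic: the key paths are the ones these behaviours are commonly matched on (my assumption, not something the report states), and the trace lines are constructed. It also shows a practitioner's caveat from the report's own wording: a BIOS or disk read on its own is "often" benign, so the example only flags a process that triggers two or more distinct evasion checks.

```python
import re
from collections import defaultdict

# Constructed registry trace in a Procmon-like "op|pid|path|result" layout.
# These lines are made up for the example; they are not from the report.
TRACE = r"""
RegOpenKey|4120|HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions|NAME NOT FOUND
RegOpenKey|4120|HKLM\SOFTWARE\VMware, Inc.\VMware Tools|NAME NOT FOUND
RegQueryValue|4120|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion|SUCCESS
RegQueryValue|4120|HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion|SUCCESS
RegQueryValue|4120|HKCU\Control Panel\International\Geo\Nation|SUCCESS
RegQueryValue|4120|HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\0|SUCCESS
RegOpenKey|4120|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SUCCESS
RegQueryValue|612|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion|SUCCESS
RegQueryValue|612|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName|SUCCESS
"""

# Signature name -> regex over the full key path. The paths are assumed
# (well-known locations for each check), not taken from the report.
SIGNATURES = {
    "Looks for VirtualBox Guest Additions in registry": re.compile(
        r"\\SOFTWARE\\(Wow6432Node\\)?Oracle\\VirtualBox Guest Additions", re.I),
    "Looks for VMware Tools registry key": re.compile(
        r"\\SOFTWARE\\(Wow6432Node\\)?VMware, Inc\.\\VMware Tools", re.I),
    "Checks BIOS information in registry": re.compile(
        r"\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?\\"
        r"(SystemBiosVersion|VideoBiosVersion|SystemBiosDate|"
        r"SystemManufacturer|SystemProductName|BIOSVendor)$", re.I),
    "Checks computer location settings": re.compile(
        r"\\Control Panel\\International\\Geo\\Nation$", re.I),
    "Maps connected drives based on registry": re.compile(
        r"\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\Disk\\Enum", re.I),
}

# Signatures that, per the report's descriptions, are sandbox/VM detection.
EVASION_SIGNATURES = {
    "Looks for VirtualBox Guest Additions in registry",
    "Looks for VMware Tools registry key",
    "Checks BIOS information in registry",
    "Maps connected drives based on registry",
}


def parse(trace):
    """Split the pipe-separated trace into event dicts, skipping blank lines."""
    events = []
    for line in trace.strip().splitlines():
        op, pid, path, result = line.split("|", 3)
        events.append({"op": op, "pid": int(pid), "path": path, "result": result})
    return events


def classify(trace):
    """Map each signature name to the events whose key path matched it.
    The lookup itself is the signal: a NAME NOT FOUND result still counts,
    because the sample learned it is *not* in that hypervisor."""
    hits = defaultdict(list)
    for ev in parse(trace):
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev["path"]):
                hits[name].append(ev)
    return dict(hits)


def fired(trace):
    """Signature names that fired, in the report's listing order."""
    hits = classify(trace)
    return [name for name in SIGNATURES if name in hits]


def evasion_pids(trace, threshold=2):
    """PIDs that triggered at least `threshold` distinct evasion signatures.
    A single BIOS or disk read is common in benign software; several
    different VM checks from one process are the stronger indicator."""
    per_pid = defaultdict(set)
    for name, events in classify(trace).items():
        if name in EVASION_SIGNATURES:
            for ev in events:
                per_pid[ev["pid"]].add(name)
    return {pid for pid, names in per_pid.items() if len(names) >= threshold}


if __name__ == "__main__":
    for name in fired(TRACE):
        print("[+]", name)
    print("evasion PIDs:", sorted(evasion_pids(TRACE)))
```

On the constructed trace all five signatures fire, but only PID 4120 is reported as evasive: PID 612 reads `SystemBiosVersion` once, which is exactly the kind of lone read the report's "often" hedges against.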

MITRE ATT&CK Enterprise v6

Tasks