General

  • Target

    6f9d75d89456467de8b96f43958ab04abef34c9479fff0d657e84bf8c78129ad

  • Size

    913KB

  • Sample

    220329-1vct1sfhhn

  • MD5

    00bf7a25f150b58f7bac1be51c9caa7c

  • SHA1

    29b79e338797f80e30a3dec290109e9ab5981a17

  • SHA256

    6f9d75d89456467de8b96f43958ab04abef34c9479fff0d657e84bf8c78129ad

  • SHA512

    6b8faff3a4ba1283c4d72990fbad7e88a1da28cf98670748f3ef75d0bc9277a60c29768ab40f35eb52d8a948af4cbe3a6d3ccfa3aeacde424ad6849e8a1832c9

Malware Config

Targets

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks