General

  • Target

    ea2ad7a1899fa2e07ef0068352a66cf60433cf4fd898eb52152d1264b0cb61d6

  • Size

    893KB

  • Sample

    220329-1zv66agaep

  • MD5

    83beb8de9babc5f638699db150da07e0

  • SHA1

    7f4374a1d364202a70779d17d8242464a2a9ea70

  • SHA256

    ea2ad7a1899fa2e07ef0068352a66cf60433cf4fd898eb52152d1264b0cb61d6

  • SHA512

    711fcc6dbd4053061b473936a2de4b38a7917fe20cccfb31ce0ed7ec19e25f3d1533f5d56de82a3ba1b33ce961e28130c254111b40cdce256ecc4f11a070efe0

Malware Config

Targets

    • MassLogger

      MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar information.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks