General

  • Target

    cdcca14762350631687767fbf582ddbb3c9a84fbae2235d308b8e1fa2077af87

  • Size

    1.4MB

  • Sample

    220329-2brdqscbb2

  • MD5

    4a5d1e29a280df8c5fbf7c7e8cb0223d

  • SHA1

    5efe0281b9494861273fecd6053e0fb499683ce3

  • SHA256

    cdcca14762350631687767fbf582ddbb3c9a84fbae2235d308b8e1fa2077af87

  • SHA512

    9b98605b40e442082eb2dfba12939b65c08bc28dc7927f4c6cfec01dcea9ca87cdc2261b8e6ff2f7e8dae2d204f155b4bdfb1c8110d0b663bd905291e1b7624f

Targets

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
