General

  • Target

    be3d01b35638bd7753f8148e4ec76efd8518a0d8b31c5e2f1e63489e59701aaa

  • Size

    12.6MB

  • Sample

    220329-2ef26scbe3

  • MD5

    faba3ad9d3a6c303e4aee436e313cd78

  • SHA1

    0999abe09bd8658ff91c62ab23346f7a7ffa4b01

  • SHA256

    be3d01b35638bd7753f8148e4ec76efd8518a0d8b31c5e2f1e63489e59701aaa

  • SHA512

    65477a2abc80a1c1f48d4295593f1fa246b0c42823ce1e68a15bdf5e4163b07f27408b7bd30999f047220194afb6c9134941946d412e38636a85d284831df893

Targets

    • Target

      be3d01b35638bd7753f8148e4ec76efd8518a0d8b31c5e2f1e63489e59701aaa

    • MassLogger

      MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
