General

  • Target

    6a697cde97666b7646ef2fb20abc67f667c42bfa24a88c20eec140919c37180f

  • Size

    820KB

  • Sample

    220329-w9d86sdgfl

  • MD5

    09529c516a569b7229d2d927cb25a5ab

  • SHA1

    9149c8a20eca1eda6eb2971f9cbaeb300ec7eee4

  • SHA256

    6a697cde97666b7646ef2fb20abc67f667c42bfa24a88c20eec140919c37180f

  • SHA512

    57ae6526d4e729b307dd60aa34477fc8f01290abb9a545741d4338dfec7fc6f25dae2eb916f9ca0c7fa20018fa1e55dcbe951d72622bc29d73bb9a09353f54d7

Malware Config

Targets


    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks