General

  • Target

    c688c2462c9b9e60d2f96d7b6e5d4d4c7b1f4d21f4eee54f9e8dd5285b9722e2

  • Size

    759KB

  • Sample

    220329-xrzb3aebcm

  • MD5

    71bb0a60e9de1d8efa73d3632f0352ae

  • SHA1

    c6a7ec2d34aa4ac3371ff40175cfd36048de50e1

  • SHA256

    c688c2462c9b9e60d2f96d7b6e5d4d4c7b1f4d21f4eee54f9e8dd5285b9722e2

  • SHA512

    84d166b386561519d9c6c0b6f9bfce1b657cb0a2fe6b7a3e2e2249a701483f2119eafb612b3b7abf8b4727568bea9fe9eff3db28fdf7994dd1766083089d065e

Targets

    • MassLogger

      MassLogger is a .NET information stealer that targets saved passwords in web browsers, email clients and cryptocurrency wallets.

    • MassLogger Main Payload

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofencing check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
