General

  • Target

    7f8b560226f2635ccd84bd498b4c73b0c573e4c78b4b463c523807ebf4867ce3

  • Size

    757KB

  • Sample

    220329-xsf7waebdj

  • MD5

    f51fbd759104b8425a569cf718a949ec

  • SHA1

    c9105a4e8a0805576815498b6af0f9b1b6987c88

  • SHA256

    7f8b560226f2635ccd84bd498b4c73b0c573e4c78b4b463c523807ebf4867ce3

  • SHA512

    fe44c406540cb71e239e96401f3f6b1da1e10297f8e36676276668bcff1eefc4d3ae832fe83bcf8e654e318c9cf4d72b556bd5c50b02dd5c6fa82f750e40307f

Malware Config

Targets

    • Target

      7f8b560226f2635ccd84bd498b4c73b0c573e4c78b4b463c523807ebf4867ce3

    • Size

      757KB

    • MD5

      f51fbd759104b8425a569cf718a949ec

    • SHA1

      c9105a4e8a0805576815498b6af0f9b1b6987c88

    • SHA256

      7f8b560226f2635ccd84bd498b4c73b0c573e4c78b4b463c523807ebf4867ce3

    • SHA512

      fe44c406540cb71e239e96401f3f6b1da1e10297f8e36676276668bcff1eefc4d3ae832fe83bcf8e654e318c9cf4d72b556bd5c50b02dd5c6fa82f750e40307f

    • MassLogger

      MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.

    • MassLogger Main Payload

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks