General

  • Target

    976a2bda95a3dcd8242ff06a2d4368d3ad26156e077abcc5a3e71b6a0832942c

  • Size

    1.2MB

  • Sample

    220329-y3janaehdl

  • MD5

    72c63bcd20411f6cf9d6da2894727a94

  • SHA1

    b576850ab8ba689d8329a4cb99646a48db3be869

  • SHA256

    976a2bda95a3dcd8242ff06a2d4368d3ad26156e077abcc5a3e71b6a0832942c

  • SHA512

    ccc5c36f7e2167410be82c6c6847e5bf8805dcba95edaa17ad021dc83ad383c0af8e45fcf363dcc6a1a578623ed013d6bd95ad9629cca33459c5a7f892317c09

Malware Config

Targets

    • MassLogger

      MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency wallets.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks