General

  • Target

    afafb5eb201f8d4fba9aa72689d3c60f4a164bda112d7802fc306e3f398fc919

  • Size

    785KB

  • Sample

    220329-zt2lbafdcj

  • MD5

    6c86880ee44419ccb069a7b6e27164a8

  • SHA1

    c15c14e93f8d69a8fb68b0e253484c187f229636

  • SHA256

    afafb5eb201f8d4fba9aa72689d3c60f4a164bda112d7802fc306e3f398fc919

  • SHA512

    765d68262dcaeb62e9b3118ce3b08854d478c9f9fa2ae26d0c507f88eb929be8b1e2fe7b2c277621c2c25bc181f055bd8228d8647fee12712d96d0bc7dc13e56

Targets

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
