General

  • Target

    fd6057305a1a096c3f51272fb2e9a82b5de02272bf529a68a15e49cba7b1ce3c

  • Size

    932KB

  • Sample

    220329-zvjf5afdcn

  • MD5

    c86f8521b25bc90981ba532e4857eb74

  • SHA1

    ef5d5d2c80e6af6e7ffb3f65ed9fe62832386b75

  • SHA256

    fd6057305a1a096c3f51272fb2e9a82b5de02272bf529a68a15e49cba7b1ce3c

  • SHA512

    e372b2d06c929060bc157569727e9e3420d92dead880d0c46f08cf28a3a458b8572e1423a12476f89b5a4f9cfa4bae7058d32341f18fb916527979279c79fc52

Malware Config

Targets

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks