General

  • Target

    a4636361bcbdc17962a54f53a8583ff6d0e157e2ed51c30ea3f50a5cd339d903

  • Size

    932KB

  • Sample

    220329-zw1rssfdem

  • MD5

    3f763bdf71cd4c634e8b74d54a3eca21

  • SHA1

    507969e9f3262bd8951e87d97321018a1bc88b83

  • SHA256

    a4636361bcbdc17962a54f53a8583ff6d0e157e2ed51c30ea3f50a5cd339d903

  • SHA512

    d65ced75d3d9f53ea00b65cb43b5809178ae2bcc9c127998ac66803d433ca7f60a2bbf6db096baa5fcd150ba14cacccd5365cb27613f7df43e5e7edca5856575

Malware Config

Targets


    • MassLogger

      MassLogger is a .NET information stealer that targets passwords stored by web browsers, email clients and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks