General

  • Target

    ae8490c6c9427bfaef29dd7bab221339241856e0004131afae7c177062b7ae46

  • Size

    932KB

  • Sample

    220329-zws2ysfdel

  • MD5

    ab7c077600e9949890c29b246cbeb836

  • SHA1

    1ecdbf92f3922bd0c31bc6765eee83b564fe50a5

  • SHA256

    ae8490c6c9427bfaef29dd7bab221339241856e0004131afae7c177062b7ae46

  • SHA512

    3706f5d95598e9c85f4578dba298491b0ee3a70d8f63165a892baf9d3a0336996b1fee1ea82efbe27c3dc0027c5e2bde58e9019230383e1e92136eb56738a099

Targets

    • MassLogger

      MassLogger is a .NET infostealer that harvests credentials stored by web browsers, email clients and cryptocurrency wallets.

    • MassLogger Main Payload

    • Checks computer location settings

      Reads the country/locale code configured in the registry. Stealers commonly use this as a geofence, refusing to run on systems in excluded regions.

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

      Outlook profile settings in the registry hold mail account configuration, which stealers harvest alongside browser data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to determine the infected system's external IP address, which stealers typically include in the exfiltrated log.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state. Calling it on a thread in another process, typically one created suspended, is the standard process-hollowing step that redirects execution into injected code.
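The signatures above are behaviours a sandbox observed for this sample. The following is an added example, not part of the report and not MassLogger code, showing how the same five behaviours can be matched in a process-level event trace so an analyst can reproduce the verdict or port it to an EDR rule. The event schema, the registry and file paths, the IP-lookup hostnames and the sample trace are all constructed assumptions for illustration; the report does not state which exact keys, files or hosts this sample touched.

```python
import re

CREATE_SUSPENDED = 0x00000004  # CreateProcess flag used before hollowing a child

# Registry values a geofence check reads (real Windows value names; which
# of them this sample reads is an assumption, the report only says "country code").
GEO_REGISTRY = re.compile(
    r"\\Control Panel\\International\\(Geo\\Nation|sCountry|LocaleName)$"
    r"|\\Control\\Nls\\Language\\Default$",
    re.IGNORECASE,
)

# Credential and profile stores of common browsers (paths are assumptions).
BROWSER_DATA = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data\\.*"
    r"\\(Login Data|Web Data|Cookies)$"
    r"|\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)

# Outlook keeps per-profile account settings under this registry tree.
OUTLOOK_PROFILES = re.compile(
    r"\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles\\", re.IGNORECASE
)

# Legitimate "what is my IP" services abused for victim fingerprinting (assumed list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
                   "ifconfig.me", "ip-api.com"}


def classify(events):
    """Map a list of event dicts to {signature name: [evidence, ...]}."""
    hits = {}
    suspended = set()  # child pids created with CREATE_SUSPENDED

    def hit(signature, evidence):
        hits.setdefault(signature, []).append(evidence)

    for ev in events:
        kind = ev["type"]
        if kind == "process_create":
            if ev.get("flags", 0) & CREATE_SUSPENDED:
                suspended.add(ev["child_pid"])
        elif kind == "registry_read":
            if GEO_REGISTRY.search(ev["path"]):
                hit("Checks computer location settings", ev["path"])
            elif OUTLOOK_PROFILES.search(ev["path"]):
                hit("Accesses Microsoft Outlook profiles", ev["path"])
        elif kind == "file_read":
            if BROWSER_DATA.search(ev["path"]):
                hit("Reads user/profile data of web browsers", ev["path"])
        elif kind == "http_request":
            if ev["host"].lower() in IP_LOOKUP_HOSTS:
                hit("Looks up external IP address via web service", ev["host"])
        elif kind == "api_call" and ev["name"] == "SetThreadContext":
            # Rewriting a thread context inside another process is the hollowing
            # tell; a target created suspended by the caller makes it near-certain.
            if ev["target_pid"] != ev["pid"]:
                why = "cross-process"
                if ev["target_pid"] in suspended:
                    why += ", target created suspended"
                hit("Suspicious use of SetThreadContext",
                    f"pid {ev['pid']} -> pid {ev['target_pid']} ({why})")
    return hits


# Constructed sandbox trace for demonstration; not taken from the report.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 1200, "child_pid": 1340,
     "image": r"C:\Windows\System32\notepad.exe", "flags": CREATE_SUSPENDED},
    {"type": "api_call", "pid": 1200, "name": "SetThreadContext", "target_pid": 1340},
    {"type": "registry_read", "pid": 1340,
     "path": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"type": "registry_read", "pid": 1340,
     "path": r"HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"type": "file_read", "pid": 1340,
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read", "pid": 1340,
     "path": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default-release\logins.json"},
    {"type": "http_request", "pid": 1340, "host": "api.ipify.org", "url": "https://api.ipify.org/"},
    {"type": "file_read", "pid": 1340, "path": r"C:\Windows\System32\kernel32.dll"},  # benign
]

if __name__ == "__main__":
    for signature, evidence in classify(SAMPLE_EVENTS).items():
        print(signature)
        for item in evidence:
            print("   ", item)
```

Each matched signature returns the evidence that fired it, so a false positive (for example a legitimate locale lookup by a localisation library) can be triaged from the path rather than the label alone; the SetThreadContext rule only fires cross-process, since same-process context changes are routine in debuggers and exception handling.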
