General

  • Target

    8fe4004f6f7d561acd5cc39434aa1fabe02550618b149555ae338a76c7612168

  • Size

    852KB

  • Sample

    220329-zxk3qsfdfk

  • MD5

    7e1e802d3717ead79b81e6a704ba375d

  • SHA1

    76d577b8628197a50ea624c9ffda6afaf42bef56

  • SHA256

    8fe4004f6f7d561acd5cc39434aa1fabe02550618b149555ae338a76c7612168

  • SHA512

    7a23e6682e33d200abd9136b9e89001ce220dd330ac63fe5d6fc4f1d12ada53f68ad385b37d2752509449684948dc611471c570c5ca3a379de8659c8755574d4

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.turkaykalibrasyon.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Cc_8A46

Targets

    • MassLogger

      MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6