General

  • Target

    7f4a8817194c0e03846857fb54f2cf04b111543f05f73640cf45c8c56434dcd8

  • Size

    932KB

  • Sample

    220329-zxqcfsfdfm

  • MD5

    59cc035bd968177e257f3a0047799adb

  • SHA1

    905dda03a92afe482f00285cc391d3a637b8e40e

  • SHA256

    7f4a8817194c0e03846857fb54f2cf04b111543f05f73640cf45c8c56434dcd8

  • SHA512

    84c0d67eb27f660563e4e01701349605bfc5de2380fa2ecad9c65a53e6f4125d91070970d94b48a56ed54da1548c4f251c3957a0979a5b60890943db992c33e1

Malware Config

Targets

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks