General

  • Target

    286dc27d30d82e6eb449aa64531a47be5a2366ee21c2082f1a8c38b82fa1d6d0

  • Size

    852KB

  • Sample

    220329-zycgzsfdgk

  • MD5

    c8fe7880ad2413ed000316fd1b5baab3

  • SHA1

    f377b4f91e6f8638ac52fcc2e65dba450fc90e41

  • SHA256

    286dc27d30d82e6eb449aa64531a47be5a2366ee21c2082f1a8c38b82fa1d6d0

  • SHA512

    3b865aa69cd440549c1c549dad17d520ff7e8976977e51746a2a2e50baed253fe1f366474e07678bbc430e92d8c1a71025ca82957c70fb21a381e9c09c42a8e0

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.turkaykalibrasyon.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Cc_8A46

Targets

    • MassLogger

      MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks