General

  • Target

    180f863ca432210e175f6a798272fb0a4c8381200b982920fd6f7587e840d349

  • Size

    852KB

  • Sample

    220329-zyw7dsfdgr

  • MD5

    d9d812ce1fc5d1ca839f24bc5188c1ff

  • SHA1

    1bd3a29cb8e0301e1f5fa92c8b8978f7f6d8a82d

  • SHA256

    180f863ca432210e175f6a798272fb0a4c8381200b982920fd6f7587e840d349

  • SHA512

    a24ed9c4d61025c96eb346e7251b2fc90295a9c9a33edfe12c0c789b74dd3807231453a786d4f6894de2f952b2632b6741da8850dce1a082be2e9a2285ae141d

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.turkaykalibrasyon.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Cc_8A46

Targets

    • Target

      180f863ca432210e175f6a798272fb0a4c8381200b982920fd6f7587e840d349

    • MassLogger

      MassLogger is a .NET information stealer that harvests saved passwords from web browsers, email clients and cryptocurrency wallets and sends them to the operator, here over SMTP using the credentials extracted above.

    • MassLogger Main Payload

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution so the stealer skips victims in certain regions.

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser profile data, which includes saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Rewriting the register context of a thread in another process is typical of process hollowing and similar injection techniques, where a suspended thread is pointed at injected code.
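
The signatures above, together with the extracted SMTP configuration, describe a behaviour profile that can be checked against sandbox or EDR telemetry. The script below is an added example, not code from the sandbox or from the sample itself: it maps constructed behaviour events to the report's signatures and to outbound SMTP on the extracted host and port. The registry paths, browser file names, Outlook profile key and IP-lookup hostnames are assumptions, since the report does not name them; the host mail.turkaykalibrasyon.com and port 587 come from the extracted config.

```python
"""Map sandbox-style behaviour events to the MassLogger signatures on this page.

Added example. The events are constructed to mirror the report; the registry
paths, browser file names and IP-lookup hosts are assumptions, not values the
report states. Nothing here is sandbox or MassLogger code.
"""
from collections import defaultdict

# From the extracted config in the report (only host and port are used here).
EXFIL_HOST = "mail.turkaykalibrasyon.com"
EXFIL_PORT = 587

# Assumed artefacts behind each behavioural signature.
GEO_REG_KEYS = ("control panel\\international",)                    # assumption
BROWSER_PROFILE_FILES = ("login data", "logins.json", "key4.db")     # assumption
OUTLOOK_PROFILE_KEY = "\\outlook\\profiles"                          # assumption
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ifconfig.me"}  # assumption


def _is_reg(e, needle):
    return e["type"] == "registry" and needle in e["path"].lower()


def _is_file(e, names):
    return e["type"] == "file" and any(e["path"].lower().endswith(n) for n in names)


SIGNATURES = {
    "Checks computer location settings":
        lambda e: any(_is_reg(e, k) for k in GEO_REG_KEYS),
    "Reads user/profile data of web browsers":
        lambda e: _is_file(e, BROWSER_PROFILE_FILES),
    "Accesses Microsoft Outlook profiles":
        lambda e: _is_reg(e, OUTLOOK_PROFILE_KEY),
    "Looks up external IP address via web service":
        lambda e: e["type"] == "network" and e.get("host") in IP_LOOKUP_HOSTS,
    # Only flag SetThreadContext aimed at a thread in a different process.
    "Suspicious use of SetThreadContext":
        lambda e: e["type"] == "api" and e["name"] == "SetThreadContext"
        and e.get("target_pid") != e.get("pid"),
    "SMTP exfiltration to extracted host":
        lambda e: e["type"] == "network" and e.get("host") == EXFIL_HOST
        and e.get("port") == EXFIL_PORT,
}


def match_signatures(events):
    """Return {signature name: [matching events]} for every signature that fired."""
    hits = defaultdict(list)
    for e in events:
        for name, pred in SIGNATURES.items():
            if pred(e):
                hits[name].append(e)
    return dict(hits)


def verdict(events, min_hits=3):
    """Crude triage: several stealer behaviours plus the exfil channel => MassLogger-like."""
    hits = match_signatures(events)
    return len(hits) >= min_hits and "SMTP exfiltration to extracted host" in hits


# Constructed sample trace (not real sandbox output).
SAMPLE_EVENTS = [
    {"type": "registry", "pid": 1, "path": r"HKCU\Control Panel\International\sCountry"},
    {"type": "file", "pid": 1, "path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file", "pid": 1, "path": r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\logins.json"},
    {"type": "registry", "pid": 1, "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"type": "network", "pid": 1, "host": "api.ipify.org", "port": 443},
    {"type": "api", "pid": 1, "name": "SetThreadContext", "target_pid": 2},
    {"type": "network", "pid": 2, "host": EXFIL_HOST, "port": EXFIL_PORT},
]

# Constructed benign trace: SetThreadContext on the process's own thread is not flagged.
BENIGN_EVENTS = [
    {"type": "file", "pid": 3, "path": r"C:\Users\u\Documents\notes.txt"},
    {"type": "network", "pid": 3, "host": "www.example.com", "port": 443},
    {"type": "api", "pid": 3, "name": "SetThreadContext", "target_pid": 3},
]

if __name__ == "__main__":
    for name, evs in match_signatures(SAMPLE_EVENTS).items():
        print(f"[+] {name}: {len(evs)} event(s)")
    print("MassLogger-like:", verdict(SAMPLE_EVENTS))
```

The SetThreadContext predicate deliberately ignores calls targeting the caller's own process, which debuggers and exception handlers issue legitimately; the cross-process case is the one that corresponds to the injection signature above. Replace the constructed events with your own sandbox or EDR export in the same shape to reuse the predicates.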
