General

  • Target

    c25a07e2624f849e3b1db404fced1d44e2b597ea7967f4c422d4b97e5564f9e4

  • Size

    805KB

  • Sample

    220330-c849esfaa9

  • MD5

    56e7aca17b3ac392edd902fbebdfcb5d

  • SHA1

    3db34861004bbcdf8b387705ad00b5fcc0db328e

  • SHA256

    c25a07e2624f849e3b1db404fced1d44e2b597ea7967f4c422d4b97e5564f9e4

  • SHA512

    bbc6b950ec838e633f977e4c85f477ea0724dde32e33cb1b04e8f3821bdc6699c03139868a9e2f7e4a4343cf60c9179e90b7a3042533374d0eb9dadcdcd0792e

Malware Config

Targets

    • Target

      c25a07e2624f849e3b1db404fced1d44e2b597ea7967f4c422d4b97e5564f9e4

    • Size

      805KB

    • MD5

      56e7aca17b3ac392edd902fbebdfcb5d

    • SHA1

      3db34861004bbcdf8b387705ad00b5fcc0db328e

    • SHA256

      c25a07e2624f849e3b1db404fced1d44e2b597ea7967f4c422d4b97e5564f9e4

    • SHA512

      bbc6b950ec838e633f977e4c85f477ea0724dde32e33cb1b04e8f3821bdc6699c03139868a9e2f7e4a4343cf60c9179e90b7a3042533374d0eb9dadcdcd0792e

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6