General

  • Target

    8c28ec37bf61eda7d9d57d0dfc949d52df443ddf6f749cf9ca124bc4763f5dea

  • Size

    1.7MB

  • Sample

    220330-cs49gseff6

  • MD5

    e882bae2bd8ca50448da85e89826ddc1

  • SHA1

    6ed956bb86b62a1704cf373702a090d88775825b

  • SHA256

    8c28ec37bf61eda7d9d57d0dfc949d52df443ddf6f749cf9ca124bc4763f5dea

  • SHA512

    0cbad1b1a9af97c15c715a67d2d863088c758d9734689d59a9945499bf7e18a30b208a139cdc20d3b5bb29341007e199deae5e2fcc2ffbfac3d1c8c57dce3af9

Malware Config

Targets

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks