General

  • Target

    eb2fe4029a0f9d3b2f5e3b9aafed5367667a94bdb288065969a4222c76d51c58

  • Size

    1.2MB

  • Sample

    220330-j6bbwsaed3

  • MD5

    7e5a25ed8f4ba9fdf1879eb08d5935db

  • SHA1

    186eea43a5199d3c255bbb3e77ac054d578e0a84

  • SHA256

    eb2fe4029a0f9d3b2f5e3b9aafed5367667a94bdb288065969a4222c76d51c58

  • SHA512

    e034bbf2e6919d03b65dbc26986893e93c0d4992e07d107c7a0e902e0738ee8b95af2561639810c7ea1ae5c8bb9728d281282e9323a6c6ed395514f5ea665724

Malware Config

Targets

    • MassLogger

      MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks