General

  • Target

    72b50da8bca5b84512f4d2905a24f45628b0221ae2bda664389b5c87db13f506

  • Size

    788KB

  • Sample

    220414-hq44laaeep

  • MD5

    8ede330b784357b9c3fef76332659c5e

  • SHA1

    e85a1c6036f6f189cae2067320f8a7214ac1866f

  • SHA256

    72b50da8bca5b84512f4d2905a24f45628b0221ae2bda664389b5c87db13f506

  • SHA512

    ccef5e5904231f919f1a5cb660db74aff46e8165df482c2b87b3522b99d1baf01eb26667bc16392dfc43849ea634e686c76b80cd010980e02ba308e1968c733a

Targets

    • MassLogger

      MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
