General

  • Target

    ca9dfe7d2956203d7c6fd403e79f407cc9eb3e64518959cf3d07dd96ea1b0ee1

  • Size

    727KB

  • Sample

    220415-belpjsfdhk

  • MD5

    5a6fe9aaabc855a296bc06408886f22d

  • SHA1

    debd33dbb40945525b91408e91662de2e2636563

  • SHA256

    ca9dfe7d2956203d7c6fd403e79f407cc9eb3e64518959cf3d07dd96ea1b0ee1

  • SHA512

    b2788fc18baecac4c7825a52a1a7405208392b003a22df30ccd4b85da6279829b8687856a3b3be17127a37f67eb00783e5d330ed4e542081c00d43653ff3fa0f

Targets

    • MassLogger

      MassLogger is a .NET stealer that targets passwords saved by browsers, email clients and cryptocurrency clients.

    • MassLogger Main Payload

    • Meta Stealer

      Meta Stealer, written in C++, steals passwords stored in browsers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
