General

  • Target

    954b6feda9f00dcefcfb1b9a238b198a18d9a9d4dbef0958865dde5f70f18d1e

  • Size

    2.8MB

  • Sample

    220415-pm3jxscba7

  • MD5

    b8e190cd989c42f5b7285684a823ca35

  • SHA1

    0a7cc9756425308578d36be98cac3ba2e7ccbc66

  • SHA256

    954b6feda9f00dcefcfb1b9a238b198a18d9a9d4dbef0958865dde5f70f18d1e

  • SHA512

    3bae52433ccacc8bbee1d8ce6129d7bf8ce39c446d03a9a0b3ce62656ca304735887fc7a23923f8da76d3cc180ffc63b53dfebc367e95d76e9c15d80c2be93be

Malware Config

Targets

    • Target

      954b6feda9f00dcefcfb1b9a238b198a18d9a9d4dbef0958865dde5f70f18d1e

    • MassLogger

      MassLogger is a .NET credential stealer that harvests saved passwords from web browsers, email clients and cryptocurrency wallet applications.

    • MassLogger Main Payload

    • Checks computer location settings

      Reads the country code configured in the registry. This is most likely a geofence check (refusing to run, or behaving differently, in certain countries); the report records only the lookup, not what the sample does with the result.

    • Reads user/profile data of web browsers

      Accesses browser profile directories, where saved credentials, cookies and session data are stored. This is the behaviour expected of an infostealer and is consistent with the browser password theft described above.

    • Accesses Microsoft Outlook profiles

      Reads Outlook profile data, consistent with the email-client credential theft described above.

    • Adds Run key to start application

      Writes a value under a Run registry key so that the sample is launched again at user logon (persistence).

    • Looks up external IP address via web service

      Contacts a legitimate public IP-lookup service to learn the infected system's external IP address, which stealers commonly include in the data they exfiltrate.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is a common step in process hollowing and other code-injection techniques (the entry point of a suspended process is redirected to attacker-controlled code). The report does not show the target process, so treat this as an injection indicator rather than a confirmed hollowing chain.
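The signatures above are the kind of behavioural indicators an analyst would want to re-check against their own telemetry. The following is an added example (not code from the report or from the sandbox that produced it) that matches the listed behaviours against a constructed, sandbox-style event trace. The registry paths, browser profile locations, IP-lookup hostnames and API names are assumptions about what each signature typically keys on, and the trace itself is made up for illustration; only registry writes (not reads) of a Run key are counted as persistence, so a benign process that merely enumerates Run keys is not flagged.

```python
"""Match the MassLogger behaviours listed in the report against an event trace.

Added example. The trace, registry paths, hostnames and API names below are
assumptions for illustration, not data taken from the report.
"""
import re
from collections import defaultdict

# Constructed trace: (pid, event_type, detail). pid 1234 models the sample;
# pid 5678 models a benign process that only *reads* a Run key.
SAMPLE_EVENTS = [
    (1234, "reg_query", r"HKCU\Control Panel\International\Geo\Nation"),
    (1234, "file_read", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (1234, "file_read", r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default\logins.json"),
    (1234, "reg_query", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    (1234, "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    (1234, "http", "http://api.ipify.org/"),
    (1234, "api", "SetThreadContext"),
    (5678, "reg_query", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
    (5678, "http", "https://www.example.com/"),
]

# Assumed indicators per signature (matched case-insensitively).
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?(\\|$)")
GEO_KEYS = (r"\control panel\international\geo",)
BROWSER_MARKERS = (r"\google\chrome\user data", r"\mozilla\firefox\profiles", r"\microsoft\edge\user data")
OUTLOOK_KEYS = (r"\outlook\profiles", r"\windows messaging subsystem\profiles")
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "checkip.amazonaws.com", "icanhazip.com", "ip-api.com"}
CONTEXT_APIS = {"setthreadcontext", "wow64setthreadcontext", "ntsetcontextthread"}


def host_of(url):
    """Extract the hostname from a URL without any library dependency."""
    return url.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0].lower()


def classify(event_type, detail):
    """Return the report signature name an event corresponds to, or None."""
    d = detail.lower()
    if event_type == "reg_query" and any(k in d for k in GEO_KEYS):
        return "Checks computer location settings"
    if event_type == "file_read" and any(m in d for m in BROWSER_MARKERS):
        return "Reads user/profile data of web browsers"
    if event_type in ("reg_query", "reg_set") and any(k in d for k in OUTLOOK_KEYS):
        return "Accesses Microsoft Outlook profiles"
    # Only a *write* to a Run key is persistence; reads are routine.
    if event_type == "reg_set" and RUN_KEY_RE.search(d):
        return "Adds Run key to start application"
    if event_type == "http" and host_of(detail) in IP_LOOKUP_HOSTS:
        return "Looks up external IP address via web service"
    if event_type == "api" and d in CONTEXT_APIS:
        return "Suspicious use of SetThreadContext"
    return None


def match_signatures(events):
    """Map each pid to the sorted list of report signatures it triggered."""
    hits = defaultdict(set)
    for pid, etype, detail in events:
        sig = classify(etype, detail)
        if sig:
            hits[pid].add(sig)
    return {pid: sorted(sigs) for pid, sigs in hits.items()}


def triage(events, threshold=3):
    """Return pids that triggered at least `threshold` distinct signatures."""
    return sorted(pid for pid, sigs in match_signatures(events).items() if len(sigs) >= threshold)


if __name__ == "__main__":
    for pid, sigs in match_signatures(SAMPLE_EVENTS).items():
        print(pid, "->", ", ".join(sigs))
    print("flagged:", triage(SAMPLE_EVENTS))
```

The threshold in `triage` is deliberately a parameter: any single indicator here (an IP lookup, a Run key write) is common in legitimate software, and it is the combination of geolocation check, credential-store access, persistence and injection in one process that makes the verdict convincing.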

MITRE ATT&CK Enterprise v6

Tasks