General

  • Target

    bcb30c2233345ccc3769c21dbfdecb20ec43339517204720f310ccfec29fe49a

  • Size

    1.6MB

  • Sample

    220520-3w5brscecp

  • MD5

    3a9069909a170e2a6f90296392facbc0

  • SHA1

    a495b38e28479bebfafe029384aebf62e9e5f04a

  • SHA256

    bcb30c2233345ccc3769c21dbfdecb20ec43339517204720f310ccfec29fe49a

  • SHA512

    cd9d1ae2f40c5383cb2c2c25a23c39aa2984ea77f64fcdce43ea022d89e095393ab917925448f46bbf6548c220dd65ea99795ea738d980e5a578fffde4b67e5c

Malware Config

Targets

    • Target

      AUG10TH_.EXE

    • Size

      1.1MB

    • MD5

      9d1676055eebd75eb7abd7a09528776f

    • SHA1

      da284df615ccefcf583175ec88ea887fc1d769b2

    • SHA256

      b045f558a43c37201a204a240bd09b7da12735958ad5c8d317feff0044d132c4

    • SHA512

      74197863ee985f7e974d794f3038dfe8bb4e1973107e424a06ed801c63b32a4e1fd2dd9be172343b8040bb663eaf5cb04a1b6659fa36b734d07a2e30547fb8fc

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  Tactic                Technique                       Count  ID
  Execution             Scheduled Task                  1      T1053
  Persistence           Scheduled Task                  1      T1053
  Privilege Escalation  Scheduled Task                  1      T1053
  Discovery             Query Registry                  1      T1012
  Discovery             System Information Discovery    2      T1082

Tasks