General

  • Target

    0bf69f7afc73a7c64935846dc013f057b99281f67a2fdb14be9a0a9f7805d8ab

  • Size

    3.0MB

  • Sample

    220521-mh8t2afaaq

  • MD5

    17c94115aa1d36c009e7168a547cbb8b

  • SHA1

    49c37766bbf6abb46a8e2699bc628b5621e2a290

  • SHA256

    0bf69f7afc73a7c64935846dc013f057b99281f67a2fdb14be9a0a9f7805d8ab

  • SHA512

    8da3875074f6e8bfbada075fc8c3af513f34f11dd5e533b2678fa8096fdd7ef0f2bcc0855cde18e0bf8bbace44d15a3772c4f381a41a23401a7df79262ce0f6a

Malware Config

Targets

    • Target

      Company Profile.exe

    • Size

      3.4MB

    • MD5

      b09ce7efdb241a6dc395ea44cf0e86ac

    • SHA1

      ee40b55737d3bbb010514ae32c0d9da5cdc2c529

    • SHA256

      0e39910988f4e5f6a89354c7f83321db4ea548d20d5e217480559b308a85ea11

    • SHA512

      54805f70714d6d9a8e1640434de9d4f3a0394911b62b1e1d99f481907237897adb6a15408469adf7d2bc29ac940fd181ea0f023547b5b5cfb8ddc4f3b0cec46b

    • MassLogger

      MassLogger is a .NET stealer that harvests saved passwords from browsers, email clients and cryptocurrency wallets.

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect (versions 1.3x to 1.4x).

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
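The "UPX packed file" signature above is a static check on the PE section table. The script below is an added example, not the sandbox's signature and not code from this report: it parses the section headers by hand, flags the stock UPX0/UPX1 section names, and reports per-section entropy so that a UPX build whose sections were renamed still stands out. The PE images it examines are constructed in memory for the demonstration and have nothing to do with the sample hashed above; the 7.0 bits-per-byte threshold and the 1 KiB minimum section size are assumed cut-offs.

```python
"""Static packer check: walk the PE section table, flag UPX0/UPX1 and report
per-section entropy. Added example; the PE images are constructed, not the
sample from the report."""
import hashlib
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for compressed/encrypted data, low for code."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(pe: bytes):
    """Yield (name, raw_bytes) for each section by parsing the PE headers."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size             # first IMAGE_SECTION_HEADER
    for i in range(num_sections):
        off = table + i * 40
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        yield name, pe[raw_ptr:raw_ptr + raw_size]


def detect_upx(pe: bytes) -> dict:
    """Section names, entropies and a packed verdict. Stock UPX leaves UPX0
    (empty unpack buffer) and UPX1 (compressed payload); a stub rebuilt with
    renamed sections keeps the high entropy of the payload, so both are checked."""
    sections, entropy, high = [], {}, []
    for name, data in pe_sections(pe):
        sections.append(name)
        entropy[name] = round(shannon_entropy(data), 2)
        if len(data) >= 1024 and entropy[name] > 7.0:   # assumed cut-offs
            high.append(name)
    upx = [n for n in sections if n.upper().startswith("UPX")]
    return {"sections": sections, "entropy": entropy, "upx_sections": upx,
            "high_entropy_sections": high,
            "likely_packed": bool(upx) or bool(high)}


def build_pe(sections) -> bytes:
    """Construct a minimal, non-executable PE32 image from (name, data) pairs.
    Test input only; just enough layout for pe_sections() to parse."""
    num, opt_size = len(sections), 0xE0
    headers_len = (0x40 + 4 + 20 + opt_size + 40 * num + 0x1FF) & ~0x1FF
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)    # PE32 magic
    table, body, raw_ptr = bytearray(), bytearray(), headers_len
    for i, (name, data) in enumerate(sections):
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data),
                             0x1000 * (i + 1), len(data), raw_ptr, 0, 0, 0, 0,
                             0x60000020)
        body += data
        raw_ptr += len(data)
    image = dos + b"PE\0\0" + coff + opt + table
    image += b"\0" * (headers_len - len(image))
    return bytes(image + body)


def pseudo_random(n: int, seed: bytes = b"upx1") -> bytes:
    """Deterministic high-entropy filler standing in for compressed data."""
    out = bytearray()
    while len(out) < n:
        out += hashlib.sha256(seed + len(out).to_bytes(4, "little")).digest()
    return bytes(out[:n])


# Constructed images: one with stock UPX section names, one plain.
UPX_SAMPLE = build_pe([(b"UPX0", b""), (b"UPX1", pseudo_random(4096)),
                       (b".rsrc", b"\0" * 512)])
PLAIN_SAMPLE = build_pe([(b".text", b"\x90" * 2048), (b".data", b"\0" * 256)])

if __name__ == "__main__":
    for label, img in (("upx", UPX_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, detect_upx(img))
```

Against a real file, call `detect_upx(open(path, "rb").read())`. A UPX hit means the MassLogger strings and .NET metadata are only visible after unpacking (`upx -d` handles unmodified builds); a build that fails to unpack but still shows a high-entropy section is the modified-UPX case the signature mentions. The ACProtect signature listed alongside is a different protector and is not covered by these section-name checks.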

MITRE ATT&CK Matrix (ATT&CK v6)

  • Collection

    Email Collection (T1114): 1 signature
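The T1114 mapping comes from the "Accesses Microsoft Outlook profiles" signature, and the report pairs it with an external IP lookup. The script below is an added example of how an analyst might match those two behaviours in process telemetry; it is not the sandbox's detection logic. The events are constructed in a simplified JSON shape (pid, image, op, target) rather than any tool's real schema, and both the list of IP-lookup hosts and the Office version numbers in the registry paths are assumptions, since the report does not say which service or Office version the sample touched.

```python
"""Behavioural triage for Outlook profile reads (ATT&CK T1114) plus external-IP
lookups. Added example; events below are constructed, not from the sandbox."""
import json
import re

# Registry paths under which Outlook keeps account/profile data. The version
# component (\d+\.0) covers 15.0, 16.0 etc.; which one applies is an assumption.
OUTLOOK_PROFILE_KEYS = re.compile(
    r"\\Software\\Microsoft\\Office\\\d+\.0\\Outlook\\Profiles\\"
    r"|\\Software\\Microsoft\\Windows NT\\CurrentVersion\\"
    r"Windows Messaging Subsystem\\Profiles\\",
    re.IGNORECASE)

# Assumed list of public "what is my IP" services; extend from your own telemetry.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
                   "ipinfo.io", "ip-api.com", "whatismyipaddress.com"}

# Outlook itself legitimately reads these keys; anything else reading them is suspect.
PROFILE_READERS_ALLOWED = {"outlook.exe"}

# Constructed JSON-lines telemetry (raw string so the JSON keeps its \\ escapes).
SAMPLE_LOG = r"""
{"pid": 4120, "image": "C:\\Users\\victim\\Company Profile.exe", "op": "RegQueryValue", "target": "HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\Email"}
{"pid": 4120, "image": "C:\\Users\\victim\\Company Profile.exe", "op": "DnsQuery", "target": "api.ipify.org"}
{"pid": 884, "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "op": "RegQueryValue", "target": "HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\Email"}
{"pid": 4120, "image": "C:\\Users\\victim\\Company Profile.exe", "op": "DnsQuery", "target": "ctldl.windowsupdate.com"}
{"pid": 5000, "image": "C:\\Windows\\explorer.exe", "op": "DnsQuery", "target": "icanhazip.com."}
"""


def image_name(path: str) -> str:
    """Basename of a Windows path, lower-cased, independent of host OS."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def triage(lines) -> dict:
    """Return {pid: {image, outlook_profile_access, external_ip_lookup, hits}}
    for every process that shows at least one of the two behaviours."""
    findings = {}
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        hit = None
        if ev["op"].startswith("Reg") and OUTLOOK_PROFILE_KEYS.search(ev["target"]):
            if image_name(ev["image"]) in PROFILE_READERS_ALLOWED:
                continue                     # Outlook reading its own profile
            hit = "outlook_profile_access"
        elif ev["op"] == "DnsQuery" and \
                ev["target"].lower().rstrip(".") in IP_LOOKUP_HOSTS:
            hit = "external_ip_lookup"
        if hit is None:
            continue
        f = findings.setdefault(ev["pid"], {
            "image": ev["image"], "outlook_profile_access": False,
            "external_ip_lookup": False, "hits": []})
        f[hit] = True
        f["hits"].append(ev["target"])
    return findings


def suspects(findings: dict) -> list:
    """PIDs showing both behaviours: the credential-read-then-beacon pattern
    this report attributes to the sample."""
    return sorted(pid for pid, f in findings.items()
                  if f["outlook_profile_access"] and f["external_ip_lookup"])


if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    for pid, f in found.items():
        print(pid, f["image"], f["hits"])
    print("suspects:", suspects(found))
```

Each behaviour on its own is weak evidence (explorer.exe resolving an IP-lookup host above is flagged but not escalated); the combination in one process, from a binary launched out of a user directory, is what justifies pulling the process memory and looking for the MassLogger log file the next signature describes.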

Tasks