General

  • Target

    SecuriteInfo.com.IL.Trojan.MSILZilla.16636.8959.1070

  • Size

    825KB

  • Sample

    220615-3vkkzaghb6

  • MD5

    8b98184196c9dd4666b78611987806ac

  • SHA1

    389aec94899bbd920acf35422bb856c473c755a5

  • SHA256

    05e3a40f74192a66cd31fc9b80043e0568e55759b24a7e041448b7061daf3b93

  • SHA512

    f64d9e8128f508327ea804b72b7d26bac0b0d4eaebbf53bf14673580ebb014d2c80142aecfb034a0383d04326478f24711c5ce90116219edcf181e612fdcc762

Malware Config

Targets

    • Target

      SecuriteInfo.com.IL.Trojan.MSILZilla.16636.8959.1070

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                      Count  ID
  Credential Access  Credentials in Files           1      T1081
  Discovery          Query Registry                 1      T1012
  Discovery          System Information Discovery   1      T1082
  Collection         Data from Local System         1      T1005
  Collection         Email Collection               1      T1114

Tasks