General

  • Target

    swift copy 016011 022.exe

  • Size

    951KB

  • Sample

    221116-slnadsfg6s

  • MD5

    cdd6ff27424a2db74653821acc8a732c

  • SHA1

    37e03591611d462aa39c0ec3f335c3bf7e56eb4c

  • SHA256

    96e45500db445f50f255908635dc793bc896a0d919f989de9080ceb1a3bd74d9

  • SHA512

    971990ceac9bfd69fdde3ff74713ad9d62e564bb08aaeab4e5568207fb7b652aa129b2b1a2495b99e3e0990349a2c881a4b1c2292100597055ba9aa98c40eeea

  • SSDEEP

    12288:rq1bRSmFLfNvNFHgOVyGdYb7bLFfs1qAnrHuqUZXO0pNUuXe9hrDdlsKBehG/U/x:rQ5v3gRgaFwXrHBWXO0pTQJlHBa/5r

Malware Config

Targets

    • Target

      swift copy 016011 022.exe

    • Size

      951KB

    • MD5

      cdd6ff27424a2db74653821acc8a732c

    • SHA1

      37e03591611d462aa39c0ec3f335c3bf7e56eb4c

    • SHA256

      96e45500db445f50f255908635dc793bc896a0d919f989de9080ceb1a3bd74d9

    • SHA512

      971990ceac9bfd69fdde3ff74713ad9d62e564bb08aaeab4e5568207fb7b652aa129b2b1a2495b99e3e0990349a2c881a4b1c2292100597055ba9aa98c40eeea

    • SSDEEP

      12288:rq1bRSmFLfNvNFHgOVyGdYb7bLFfs1qAnrHuqUZXO0pNUuXe9hrDdlsKBehG/U/x:rQ5v3gRgaFwXrHBWXO0pTQJlHBa/5r

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Tasks