Resubmissions

  • 28-01-2023 20:16    230128-y18sjagb93    10

  • 15-12-2022 12:15    221215-pexcyafc8w    10

General

  • Target

    img014012022.exe

  • Size

    667KB

  • Sample

    221215-pexcyafc8w

  • MD5

    0d8c9a1bf7c59fc5623bc97992c84d68

  • SHA1

    f83fd12fc4ba8c891f01f93e4dbec5dd7106cbc3

  • SHA256

    f0e3d1d1dd4b0b69a99c24ce4217194e9cbbb4f1efd8edcb8831f6e889c9b5cd

  • SHA512

    776d9e66da6c499d54b760f930b7c080be33daabff33e4b9670701f21373f307af602e124ce414b3b354277c5604ae7811105dd9a8d2d8f03571e467947a3d2d

  • SSDEEP

    12288:aRW65WWrYINieIUYXPFvWYGegce9pZIdTPxM6uMdmLN4NQ/h1aikvhmF:mW65WWrYIUeIUYXP9WYGegceQN766NKL

Malware Config

Targets

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

  • Collection

    Data from Local System (T1005): 1

    Email Collection (T1114): 1