General

  • Target

    0e21195230325f3e3165a335af60c81c_JaffaCakes118

  • Size

    967KB

  • Sample

    240502-lg2hwsea7w

  • MD5

    0e21195230325f3e3165a335af60c81c

  • SHA1

    acfa28a60a4cc028c9ede6d19ae9f0a2b4eed658

  • SHA256

    b62e2d5028a28c3a636d1ab777d9a0ecaca17c55fdc7cda34671adae93f76625

  • SHA512

    78de380e02f05a7728e3a9df148a2c45ab60fc63537062a919a5545e05cf56e9e2b7868df2f93ad5cef1418ed4627a30559e7f492c8746dd5cd5ce7d90b95400

  • SSDEEP

    24576:A+pbzwIxk4VdoqmRNOuf6QOEVn01QVzWLn:hpbkGtLKJf6QrVn065WLn

Malware Config

Targets

    • Target

      0e21195230325f3e3165a335af60c81c_JaffaCakes118

    • Size

      967KB

    • MD5

      0e21195230325f3e3165a335af60c81c

    • SHA1

      acfa28a60a4cc028c9ede6d19ae9f0a2b4eed658

    • SHA256

      b62e2d5028a28c3a636d1ab777d9a0ecaca17c55fdc7cda34671adae93f76625

    • SHA512

      78de380e02f05a7728e3a9df148a2c45ab60fc63537062a919a5545e05cf56e9e2b7868df2f93ad5cef1418ed4627a30559e7f492c8746dd5cd5ce7d90b95400

    • SSDEEP

      24576:A+pbzwIxk4VdoqmRNOuf6QOEVn01QVzWLn:hpbkGtLKJf6QrVn065WLn

    • Detect ZGRat V1

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks