General

  • Target

    16bc4c027c2c181559dc8ae64a0d5c9e_JaffaCakes118

  • Size

    502KB

  • Sample

    240505-jybbxsbg91

  • MD5

    16bc4c027c2c181559dc8ae64a0d5c9e

  • SHA1

    f9714d8565402a7462c332b596218ace4a515ddf

  • SHA256

    7c2e49a372774be85d91e19ed6c8481879cdfe203ca8b54bb22bcd209bcee5fe

  • SHA512

    b60478750b1183637b782224f6a646f491f1481146dec90510125e94226634353107fb3527d00a8a45a12b84c27c1ad1cb600aadc209e6972b69b6ae35b286d7

  • SSDEEP

    12288:16FR1chcXk1fkiGW0KICeZn6qsQsMNToavrXKnZebwR8DU:1CycY8w0Kred6D8ToaTW

Malware Config

Targets

    • Target

      16bc4c027c2c181559dc8ae64a0d5c9e_JaffaCakes118

    • Size

      502KB

    • MD5

      16bc4c027c2c181559dc8ae64a0d5c9e

    • SHA1

      f9714d8565402a7462c332b596218ace4a515ddf

    • SHA256

      7c2e49a372774be85d91e19ed6c8481879cdfe203ca8b54bb22bcd209bcee5fe

    • SHA512

      b60478750b1183637b782224f6a646f491f1481146dec90510125e94226634353107fb3527d00a8a45a12b84c27c1ad1cb600aadc209e6972b69b6ae35b286d7

    • SSDEEP

      12288:16FR1chcXk1fkiGW0KICeZn6qsQsMNToavrXKnZebwR8DU:1CycY8w0Kred6D8ToaTW

    • Detect ZGRat V1

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks