masslogger | 7c2e49a372774be85d91e19ed6c8481879cdfe203ca8b54bb22bcd209bcee5fe | Triage

Submit
Reports

Overview

overview

Static

static

1

16bc4c027c...18.exe

windows7-x64

16bc4c027c...18.exe

windows10-2004-x64

Sharing

General

Target

16bc4c027c2c181559dc8ae64a0d5c9e_JaffaCakes118
Size

502KB
Sample

240505-jybbxsbg91
MD5

16bc4c027c2c181559dc8ae64a0d5c9e
SHA1

f9714d8565402a7462c332b596218ace4a515ddf
SHA256

7c2e49a372774be85d91e19ed6c8481879cdfe203ca8b54bb22bcd209bcee5fe
SHA512

b60478750b1183637b782224f6a646f491f1481146dec90510125e94226634353107fb3527d00a8a45a12b84c27c1ad1cb600aadc209e6972b69b6ae35b286d7
SSDEEP

12288:16FR1chcXk1fkiGW0KICeZn6qsQsMNToavrXKnZebwR8DU:1CycY8w0Kred6D8ToaTW

Score

10^/10

masslogger zgrat collection rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

16bc4c027c2c181559dc8ae64a0d5c9e_JaffaCakes118.exe

Resource

win7-20240221-en

masslogger zgrat collection rat spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

16bc4c027c2c181559dc8ae64a0d5c9e_JaffaCakes118.exe

Resource

win10v2004-20240419-en

masslogger zgrat collection rat spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  16bc4c027c2c181559dc8ae64a0d5c9e_JaffaCakes118
- Size
  
  502KB
- MD5
  
  16bc4c027c2c181559dc8ae64a0d5c9e
- SHA1
  
  f9714d8565402a7462c332b596218ace4a515ddf
- SHA256
  
  7c2e49a372774be85d91e19ed6c8481879cdfe203ca8b54bb22bcd209bcee5fe
- SHA512
  
  b60478750b1183637b782224f6a646f491f1481146dec90510125e94226634353107fb3527d00a8a45a12b84c27c1ad1cb600aadc209e6972b69b6ae35b286d7
- SSDEEP
  
  12288:16FR1chcXk1fkiGW0KICeZn6qsQsMNToavrXKnZebwR8DU:1CycY8w0Kred6D8ToaTW
Score

10^/10

masslogger zgrat collection rat spyware stealer
- Detect ZGRat V1
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

massloggerzgratcollectionratspywarestealer

behavioral2

massloggerzgratcollectionratspywarestealer

© 2018-2024

Terms | Privacy