General
-
Target
16bc4c027c2c181559dc8ae64a0d5c9e_JaffaCakes118
-
Size
502KB
-
Sample
240505-jybbxsbg91
-
MD5
16bc4c027c2c181559dc8ae64a0d5c9e
-
SHA1
f9714d8565402a7462c332b596218ace4a515ddf
-
SHA256
7c2e49a372774be85d91e19ed6c8481879cdfe203ca8b54bb22bcd209bcee5fe
-
SHA512
b60478750b1183637b782224f6a646f491f1481146dec90510125e94226634353107fb3527d00a8a45a12b84c27c1ad1cb600aadc209e6972b69b6ae35b286d7
-
SSDEEP
12288:16FR1chcXk1fkiGW0KICeZn6qsQsMNToavrXKnZebwR8DU:1CycY8w0Kred6D8ToaTW
Static task
static1
Behavioral task
behavioral1
Sample
16bc4c027c2c181559dc8ae64a0d5c9e_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
16bc4c027c2c181559dc8ae64a0d5c9e_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
16bc4c027c2c181559dc8ae64a0d5c9e_JaffaCakes118
-
Size
502KB
-
MD5
16bc4c027c2c181559dc8ae64a0d5c9e
-
SHA1
f9714d8565402a7462c332b596218ace4a515ddf
-
SHA256
7c2e49a372774be85d91e19ed6c8481879cdfe203ca8b54bb22bcd209bcee5fe
-
SHA512
b60478750b1183637b782224f6a646f491f1481146dec90510125e94226634353107fb3527d00a8a45a12b84c27c1ad1cb600aadc209e6972b69b6ae35b286d7
-
SSDEEP
12288:16FR1chcXk1fkiGW0KICeZn6qsQsMNToavrXKnZebwR8DU:1CycY8w0Kred6D8ToaTW
Score10/10-
Detect ZGRat V1
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-