masslogger | c05ad3952ea82993862bd81a3b2e4936e2b17a260762e8e03809c44ded74652d | Triage

Submit
Reports

Overview

overview

Static

static

3

2dee435603...18.exe

windows7-x64

2dee435603...18.exe

windows10-2004-x64

Sharing

General

Target

2dee4356037f51411d9c305a107b44f7_JaffaCakes118
Size

938KB
Sample

240510-hv4cvshc5z
MD5

2dee4356037f51411d9c305a107b44f7
SHA1

5f7b6a1140d70a759a3a3e6155c11162057afc14
SHA256

c05ad3952ea82993862bd81a3b2e4936e2b17a260762e8e03809c44ded74652d
SHA512

08f52777332ca3262629a4db0706ce5fc65c4cad78683e7f41e255fea29bfb0c52940124f738473bc008977b05e893c16d63be00cbfb14857129cb5ebf1c35dc
SSDEEP

24576:Gv25tTwAaH53N9KOCwICRa370i1vh1G9uX:HzTwAaH537Kw5a3PVz9

Score

10^/10

masslogger zgrat collection rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2dee4356037f51411d9c305a107b44f7_JaffaCakes118.exe

Resource

win7-20240508-en

masslogger zgrat collection rat spyware stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

2dee4356037f51411d9c305a107b44f7_JaffaCakes118.exe

Resource

win10v2004-20240426-en

masslogger zgrat collection rat spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  2dee4356037f51411d9c305a107b44f7_JaffaCakes118
- Size
  
  938KB
- MD5
  
  2dee4356037f51411d9c305a107b44f7
- SHA1
  
  5f7b6a1140d70a759a3a3e6155c11162057afc14
- SHA256
  
  c05ad3952ea82993862bd81a3b2e4936e2b17a260762e8e03809c44ded74652d
- SHA512
  
  08f52777332ca3262629a4db0706ce5fc65c4cad78683e7f41e255fea29bfb0c52940124f738473bc008977b05e893c16d63be00cbfb14857129cb5ebf1c35dc
- SSDEEP
  
  24576:Gv25tTwAaH53N9KOCwICRa370i1vh1G9uX:HzTwAaH537Kw5a3PVz9
Score

10^/10

masslogger zgrat collection rat spyware stealer
- Detect ZGRat V1
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

massloggerzgratcollectionratspywarestealer

behavioral2

massloggerzgratcollectionratspywarestealer

© 2018-2024

Terms | Privacy