masslogger | 8e04e0705156c53871f3a4f34b4fbd483cf079194b4156a87fcfd961d1ab70d0 | Triage

Submit
Reports

Overview

overview

Static

static

3

43174ec3f7...18.exe

windows7-x64

43174ec3f7...18.exe

windows10-2004-x64

Sharing

General

Target

43174ec3f7028cf2226d4e8b393aa056_JaffaCakes118
Size

1.1MB
Sample

240514-z1tjaahb62
MD5

43174ec3f7028cf2226d4e8b393aa056
SHA1

d1fee62f8e0c5e0c0dc7f0db5c8c16da2bf9b7f0
SHA256

8e04e0705156c53871f3a4f34b4fbd483cf079194b4156a87fcfd961d1ab70d0
SHA512

66bb560373d4ae177b16cb775054beed4d702e49ab4fe9e2202234292fe549911fbbf07b96568cc16b1f2c86c1c988573c78f43a6813b976df2774c3436d9cf8
SSDEEP

24576:1UMlwweHinUSkvgVzRB2wanhLnTADpNlb:NBeHMEANB2wahLncD3lb

Score

10^/10

masslogger zgrat collection rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

43174ec3f7028cf2226d4e8b393aa056_JaffaCakes118.exe

Resource

win7-20240508-en

masslogger zgrat collection rat spyware stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

43174ec3f7028cf2226d4e8b393aa056_JaffaCakes118.exe

Resource

win10v2004-20240426-en

masslogger zgrat collection rat spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  43174ec3f7028cf2226d4e8b393aa056_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  43174ec3f7028cf2226d4e8b393aa056
- SHA1
  
  d1fee62f8e0c5e0c0dc7f0db5c8c16da2bf9b7f0
- SHA256
  
  8e04e0705156c53871f3a4f34b4fbd483cf079194b4156a87fcfd961d1ab70d0
- SHA512
  
  66bb560373d4ae177b16cb775054beed4d702e49ab4fe9e2202234292fe549911fbbf07b96568cc16b1f2c86c1c988573c78f43a6813b976df2774c3436d9cf8
- SSDEEP
  
  24576:1UMlwweHinUSkvgVzRB2wanhLnTADpNlb:NBeHMEANB2wahLncD3lb
Score

10^/10

masslogger zgrat collection rat spyware stealer
- Detect ZGRat V1
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

massloggerzgratcollectionratspywarestealer

behavioral2

massloggerzgratcollectionratspywarestealer

© 2018-2024

Terms | Privacy