General

  • Target

    43174ec3f7028cf2226d4e8b393aa056_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240514-z1tjaahb62

  • MD5

    43174ec3f7028cf2226d4e8b393aa056

  • SHA1

    d1fee62f8e0c5e0c0dc7f0db5c8c16da2bf9b7f0

  • SHA256

    8e04e0705156c53871f3a4f34b4fbd483cf079194b4156a87fcfd961d1ab70d0

  • SHA512

    66bb560373d4ae177b16cb775054beed4d702e49ab4fe9e2202234292fe549911fbbf07b96568cc16b1f2c86c1c988573c78f43a6813b976df2774c3436d9cf8

  • SSDEEP

    24576:1UMlwweHinUSkvgVzRB2wanhLnTADpNlb:NBeHMEANB2wahLncD3lb

Malware Config

Targets

    • Target

      43174ec3f7028cf2226d4e8b393aa056_JaffaCakes118

    • Size

      1.1MB

    • MD5

      43174ec3f7028cf2226d4e8b393aa056

    • SHA1

      d1fee62f8e0c5e0c0dc7f0db5c8c16da2bf9b7f0

    • SHA256

      8e04e0705156c53871f3a4f34b4fbd483cf079194b4156a87fcfd961d1ab70d0

    • SHA512

      66bb560373d4ae177b16cb775054beed4d702e49ab4fe9e2202234292fe549911fbbf07b96568cc16b1f2c86c1c988573c78f43a6813b976df2774c3436d9cf8

    • SSDEEP

      24576:1UMlwweHinUSkvgVzRB2wanhLnTADpNlb:NBeHMEANB2wahLncD3lb

    • Detect ZGRat V1

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks