General
-
Target
627f3cba7a3abb0d2a5cbee34640021d_JaffaCakes118
-
Size
1.1MB
-
Sample
240521-h9xtmada6s
-
MD5
627f3cba7a3abb0d2a5cbee34640021d
-
SHA1
dba764c03b1aca0bc6d6ba120a50d156aba1b903
-
SHA256
3e4fac54cce7264dd495969574e418f0ee9a600285f68e51cfd661391626f376
-
SHA512
53d9d4d95969980c1e75f05a542cd7ca58841e18a89befc43733b61f87c2d6be93765b071267938aa08581534635d1e6c12bae6934b68dc1f73254e601dab937
-
SSDEEP
12288:WDb7BqrErn/mxx7E6vMJaxKwWoFJm6y2o/Yc4/P2x1AFpvQ0jlG43d0vYQRHpr0z:WFBrny7d7eqq2Z32qo0G4WjJphEDoRKz
Static task
static1
Behavioral task
behavioral1
Sample
627f3cba7a3abb0d2a5cbee34640021d_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
627f3cba7a3abb0d2a5cbee34640021d_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
627f3cba7a3abb0d2a5cbee34640021d_JaffaCakes118
-
Score
10/10
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-