General

  • Target

    627f3cba7a3abb0d2a5cbee34640021d_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240521-h9xtmada6s

  • MD5

    627f3cba7a3abb0d2a5cbee34640021d

  • SHA1

    dba764c03b1aca0bc6d6ba120a50d156aba1b903

  • SHA256

    3e4fac54cce7264dd495969574e418f0ee9a600285f68e51cfd661391626f376

  • SHA512

    53d9d4d95969980c1e75f05a542cd7ca58841e18a89befc43733b61f87c2d6be93765b071267938aa08581534635d1e6c12bae6934b68dc1f73254e601dab937

  • SSDEEP

    12288:WDb7BqrErn/mxx7E6vMJaxKwWoFJm6y2o/Yc4/P2x1AFpvQ0jlG43d0vYQRHpr0z:WFBrny7d7eqq2Z32qo0G4WjJphEDoRKz

Malware Config

Targets

    • Target

      627f3cba7a3abb0d2a5cbee34640021d_JaffaCakes118

    • Size

      1.1MB

    • MD5

      627f3cba7a3abb0d2a5cbee34640021d

    • SHA1

      dba764c03b1aca0bc6d6ba120a50d156aba1b903

    • SHA256

      3e4fac54cce7264dd495969574e418f0ee9a600285f68e51cfd661391626f376

    • SHA512

      53d9d4d95969980c1e75f05a542cd7ca58841e18a89befc43733b61f87c2d6be93765b071267938aa08581534635d1e6c12bae6934b68dc1f73254e601dab937

    • SSDEEP

      12288:WDb7BqrErn/mxx7E6vMJaxKwWoFJm6y2o/Yc4/P2x1AFpvQ0jlG43d0vYQRHpr0z:WFBrny7d7eqq2Z32qo0G4WjJphEDoRKz

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks