masslogger | 3e4fac54cce7264dd495969574e418f0ee9a600285f68e51cfd661391626f376 | Triage

Submit
Reports

Overview

overview

Static

static

3

627f3cba7a...18.exe

windows7-x64

627f3cba7a...18.exe

windows10-2004-x64

Sharing

General

Target

627f3cba7a3abb0d2a5cbee34640021d_JaffaCakes118
Size

1.1MB
Sample

240521-h9xtmada6s
MD5

627f3cba7a3abb0d2a5cbee34640021d
SHA1

dba764c03b1aca0bc6d6ba120a50d156aba1b903
SHA256

3e4fac54cce7264dd495969574e418f0ee9a600285f68e51cfd661391626f376
SHA512

53d9d4d95969980c1e75f05a542cd7ca58841e18a89befc43733b61f87c2d6be93765b071267938aa08581534635d1e6c12bae6934b68dc1f73254e601dab937
SSDEEP

12288:WDb7BqrErn/mxx7E6vMJaxKwWoFJm6y2o/Yc4/P2x1AFpvQ0jlG43d0vYQRHpr0z:WFBrny7d7eqq2Z32qo0G4WjJphEDoRKz

Score

10^/10

masslogger collection spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

627f3cba7a3abb0d2a5cbee34640021d_JaffaCakes118.exe

Resource

win7-20240508-en

masslogger collection spyware stealer upx

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

627f3cba7a3abb0d2a5cbee34640021d_JaffaCakes118.exe

Resource

win10v2004-20240426-en

masslogger collection spyware stealer upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  627f3cba7a3abb0d2a5cbee34640021d_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  627f3cba7a3abb0d2a5cbee34640021d
- SHA1
  
  dba764c03b1aca0bc6d6ba120a50d156aba1b903
- SHA256
  
  3e4fac54cce7264dd495969574e418f0ee9a600285f68e51cfd661391626f376
- SHA512
  
  53d9d4d95969980c1e75f05a542cd7ca58841e18a89befc43733b61f87c2d6be93765b071267938aa08581534635d1e6c12bae6934b68dc1f73254e601dab937
- SSDEEP
  
  12288:WDb7BqrErn/mxx7E6vMJaxKwWoFJm6y2o/Yc4/P2x1AFpvQ0jlG43d0vYQRHpr0z:WFBrny7d7eqq2Z32qo0G4WjJphEDoRKz
Score

10^/10

masslogger collection spyware stealer upx
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggercollectionspywarestealerupx

behavioral2

massloggercollectionspywarestealerupx

© 2018-2024

Terms | Privacy