General

  • Target

    687ec19eecceef09bda0f71d3c4900fa_JaffaCakes118

  • Size

    1001KB

  • Sample

    240522-y3zmmsfc34

  • MD5

    687ec19eecceef09bda0f71d3c4900fa

  • SHA1

    87e1fe866a4cf813b208afac135d0593bf00560c

  • SHA256

    d3b42cf65675502e58c7d5e967cec24716e389ccf9beeb8e2decc41913e57979

  • SHA512

    2fec43b4b23ca7f129cf6b24a1b1ef9f5eebe538d898c6016d63f17b88f1fea46d266641a04d19b29c7b4d0a6b2ecee3e15bf2fc36b34799011bb841615140fa

  • SSDEEP

    24576:jKlaBa1sMMZvIniOzOhmoHJL+3oYTxL1b25R:OfWL2ntzMmoHF+39Tz25R

Malware Config

Targets

    • Target

      687ec19eecceef09bda0f71d3c4900fa_JaffaCakes118

    • Size

      1001KB

    • MD5

      687ec19eecceef09bda0f71d3c4900fa

    • SHA1

      87e1fe866a4cf813b208afac135d0593bf00560c

    • SHA256

      d3b42cf65675502e58c7d5e967cec24716e389ccf9beeb8e2decc41913e57979

    • SHA512

      2fec43b4b23ca7f129cf6b24a1b1ef9f5eebe538d898c6016d63f17b88f1fea46d266641a04d19b29c7b4d0a6b2ecee3e15bf2fc36b34799011bb841615140fa

    • SSDEEP

      24576:jKlaBa1sMMZvIniOzOhmoHJL+3oYTxL1b25R:OfWL2ntzMmoHF+39Tz25R

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Tasks