masslogger | cfa59596590ca689f1acca3450a94bb956d9b54749b7f84be00f2fad3ff94cb3 | Triage

Submit
Reports

Overview

overview

Static

static

3

6a8349c30b...18.exe

windows7-x64

6a8349c30b...18.exe

windows10-2004-x64

Sharing

General

Target

6a8349c30bda22a77d692a91c7135183_JaffaCakes118
Size

1.1MB
Sample

240523-lmamcscb58
MD5

6a8349c30bda22a77d692a91c7135183
SHA1

c143cbe18573f5291baedc20145afab3e42be1b5
SHA256

cfa59596590ca689f1acca3450a94bb956d9b54749b7f84be00f2fad3ff94cb3
SHA512

103448f7315ec1d8a2b59519bf9b05e735ad7509c8d879c6427b254e2a1d5ca7db4294329843e9477670f1f21e4d05aa1d44977ce047f9f5af533a8e02eaae5b
SSDEEP

12288:vDb7BqrErn/mxx7E6vMJaxKwWoFJm6y2o/Yc4/P2x1AFQap0PzGQirg4E1y93CIB:vFBrny7d7eqq2Z32LYQigM9yFoviaHPx

Score

10^/10

masslogger collection spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6a8349c30bda22a77d692a91c7135183_JaffaCakes118.exe

Resource

win7-20240508-en

masslogger collection spyware stealer upx

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

6a8349c30bda22a77d692a91c7135183_JaffaCakes118.exe

Resource

win10v2004-20240508-en

masslogger collection spyware stealer upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  6a8349c30bda22a77d692a91c7135183_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  6a8349c30bda22a77d692a91c7135183
- SHA1
  
  c143cbe18573f5291baedc20145afab3e42be1b5
- SHA256
  
  cfa59596590ca689f1acca3450a94bb956d9b54749b7f84be00f2fad3ff94cb3
- SHA512
  
  103448f7315ec1d8a2b59519bf9b05e735ad7509c8d879c6427b254e2a1d5ca7db4294329843e9477670f1f21e4d05aa1d44977ce047f9f5af533a8e02eaae5b
- SSDEEP
  
  12288:vDb7BqrErn/mxx7E6vMJaxKwWoFJm6y2o/Yc4/P2x1AFQap0PzGQirg4E1y93CIB:vFBrny7d7eqq2Z32LYQigM9yFoviaHPx
Score

10^/10

masslogger collection spyware stealer upx
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

massloggercollectionspywarestealerupx

behavioral2

massloggercollectionspywarestealerupx

© 2018-2024

Terms | Privacy