General

  • Target

    6d67841f172d8de051796807bf2e6033_JaffaCakes118

  • Size

    935KB

  • Sample

    240524-fme9ysec71

  • MD5

    6d67841f172d8de051796807bf2e6033

  • SHA1

    7589396ddab49161d519fdbc018e0d333a5cb8aa

  • SHA256

    f9e01c12da5e8c667b0059cf68860cb8c2de48a327eab5ed7665fdc005c09084

  • SHA512

    2d0f05c3ba5f34f3dcaf3dba17c0371bebffc8f0b7edc2adf99c4c3b482ca22ab3fe80a884afad5c861c7074d0ac6895171e6884637f923eaefbd721e5f766e1

  • SSDEEP

    24576:OQ42JhAN8yFjYN4MRrMrExEAPQP8suSpa:lJcE4MR+ExEfXG

Malware Config

Targets

    • Target

      6d67841f172d8de051796807bf2e6033_JaffaCakes118

    • Size

      935KB

    • MD5

      6d67841f172d8de051796807bf2e6033

    • SHA1

      7589396ddab49161d519fdbc018e0d333a5cb8aa

    • SHA256

      f9e01c12da5e8c667b0059cf68860cb8c2de48a327eab5ed7665fdc005c09084

    • SHA512

      2d0f05c3ba5f34f3dcaf3dba17c0371bebffc8f0b7edc2adf99c4c3b482ca22ab3fe80a884afad5c861c7074d0ac6895171e6884637f923eaefbd721e5f766e1

    • SSDEEP

      24576:OQ42JhAN8yFjYN4MRrMrExEAPQP8suSpa:lJcE4MR+ExEfXG

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks