m00nd3v_logger | 91cf31cdc2fe3bca0af7b933e77febf1eebf665d91d99a1e5b8deb373a854114 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

a16e3f7854...18.exe

windows7-x64

a16e3f7854...18.exe

windows10-2004-x64

Sharing

General

Target

a16e3f785428ebb2d4aabe6c496f3e79_JaffaCakes118
Size

649KB
Sample

240612-vkww9asdna
MD5

a16e3f785428ebb2d4aabe6c496f3e79
SHA1

f25c0528e226668c56bb7ca3e40417208e3d4917
SHA256

91cf31cdc2fe3bca0af7b933e77febf1eebf665d91d99a1e5b8deb373a854114
SHA512

32b3eb95102fafb8e00286387d90a2b499b948fc445601a9557d2426658d68f917804f580b3b9f9fc2eb68263698c860ce808b52f0da44783c8c64511dc2f310
SSDEEP

12288:J0frWjPL+ptawf36zU6puXdL6b60yOrTGXzXRWo71rKgU0oVD:JsWbLAoiqI6pQdL6G0JCjXMD

Score

10^/10

m00nd3v_logger infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a16e3f785428ebb2d4aabe6c496f3e79_JaffaCakes118.exe

Resource

win7-20240221-en

m00nd3v_logger infostealer spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

a16e3f785428ebb2d4aabe6c496f3e79_JaffaCakes118.exe

Resource

win10v2004-20240611-en

m00nd3v_logger infostealer spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  a16e3f785428ebb2d4aabe6c496f3e79_JaffaCakes118
- Size
  
  649KB
- MD5
  
  a16e3f785428ebb2d4aabe6c496f3e79
- SHA1
  
  f25c0528e226668c56bb7ca3e40417208e3d4917
- SHA256
  
  91cf31cdc2fe3bca0af7b933e77febf1eebf665d91d99a1e5b8deb373a854114
- SHA512
  
  32b3eb95102fafb8e00286387d90a2b499b948fc445601a9557d2426658d68f917804f580b3b9f9fc2eb68263698c860ce808b52f0da44783c8c64511dc2f310
- SSDEEP
  
  12288:J0frWjPL+ptawf36zU6puXdL6b60yOrTGXzXRWo71rKgU0oVD:JsWbLAoiqI6pQdL6G0JCjXMD
Score

10^/10

m00nd3v_logger infostealer spyware stealer
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

m00nd3v_loggerinfostealerspywarestealer

behavioral2

m00nd3v_loggerinfostealerspywarestealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.