m00nd3v_logger | 91cf31cdc2fe3bca0af7b933e77febf1eebf665d91d99a1e5b8deb373a854114 | Triage

Submit
Reports

Overview

overview

Static

static

3

a16e3f7854...18.exe

windows7-x64

a16e3f7854...18.exe

windows10-2004-x64

Sharing

General

Target

a16e3f785428ebb2d4aabe6c496f3e79_JaffaCakes118
Size

649KB
Sample

240612-vkww9asdna
MD5

a16e3f785428ebb2d4aabe6c496f3e79
SHA1

f25c0528e226668c56bb7ca3e40417208e3d4917
SHA256

91cf31cdc2fe3bca0af7b933e77febf1eebf665d91d99a1e5b8deb373a854114
SHA512

32b3eb95102fafb8e00286387d90a2b499b948fc445601a9557d2426658d68f917804f580b3b9f9fc2eb68263698c860ce808b52f0da44783c8c64511dc2f310
SSDEEP

12288:J0frWjPL+ptawf36zU6puXdL6b60yOrTGXzXRWo71rKgU0oVD:JsWbLAoiqI6pQdL6G0JCjXMD

Score

10^/10

m00nd3v_logger infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a16e3f785428ebb2d4aabe6c496f3e79_JaffaCakes118.exe

Resource

win7-20240221-en

m00nd3v_logger infostealer spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

a16e3f785428ebb2d4aabe6c496f3e79_JaffaCakes118.exe

Resource

win10v2004-20240611-en

m00nd3v_logger infostealer spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  a16e3f785428ebb2d4aabe6c496f3e79_JaffaCakes118
- Size
  
  649KB
- MD5
  
  a16e3f785428ebb2d4aabe6c496f3e79
- SHA1
  
  f25c0528e226668c56bb7ca3e40417208e3d4917
- SHA256
  
  91cf31cdc2fe3bca0af7b933e77febf1eebf665d91d99a1e5b8deb373a854114
- SHA512
  
  32b3eb95102fafb8e00286387d90a2b499b948fc445601a9557d2426658d68f917804f580b3b9f9fc2eb68263698c860ce808b52f0da44783c8c64511dc2f310
- SSDEEP
  
  12288:J0frWjPL+ptawf36zU6puXdL6b60yOrTGXzXRWo71rKgU0oVD:JsWbLAoiqI6pQdL6G0JCjXMD
Score

10^/10

m00nd3v_logger infostealer spyware stealer
- M00nd3v_Logger
  M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware m00nd3v_logger
- M00nD3v Logger payload
  Detects M00nD3v Logger payload in memory.
  infostealer
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

m00nd3v_loggerinfostealerspywarestealer

behavioral2

m00nd3v_loggerinfostealerspywarestealer

© 2018-2024

Terms | Privacy