General
-
Target
a6de5722cb9978b0e73781c41301c19f_JaffaCakes118
-
Size
1002KB
-
Sample
240613-2bkwyssfpf
-
MD5
a6de5722cb9978b0e73781c41301c19f
-
SHA1
f14b526e5cb5b5b551c234ea8a4e644c6d0f2a93
-
SHA256
7df80cbc3b1a80c75e28295d06119ffef7c17cb39f73a8e31ae1e90fae54a6d1
-
SHA512
8ad385c3a8973a2786a6e036dfb8a19084bc1ac3ccba213a68698e141fbc053b6f7f3d23c28a9c3edba4c25b5389e0a69cd192ff595d4c9c760e21afb92576cb
-
SSDEEP
24576:rKlaBa1sMMZvIniOzOhtHezxIbtMFDl69:2fWL2ntzMdelI2FZ69
Malware Config
Targets
-
-
Target
a6de5722cb9978b0e73781c41301c19f_JaffaCakes118
-
Size
1002KB
-
MD5
a6de5722cb9978b0e73781c41301c19f
-
SHA1
f14b526e5cb5b5b551c234ea8a4e644c6d0f2a93
-
SHA256
7df80cbc3b1a80c75e28295d06119ffef7c17cb39f73a8e31ae1e90fae54a6d1
-
SHA512
8ad385c3a8973a2786a6e036dfb8a19084bc1ac3ccba213a68698e141fbc053b6f7f3d23c28a9c3edba4c25b5389e0a69cd192ff595d4c9c760e21afb92576cb
-
SSDEEP
24576:rKlaBa1sMMZvIniOzOhtHezxIbtMFDl69:2fWL2ntzMdelI2FZ69
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-