General
-
Target
a9e83bcb97f41b4d4012d38070d39d55_JaffaCakes118
-
Size
610KB
-
Sample
240614-qprqwasejg
-
MD5
a9e83bcb97f41b4d4012d38070d39d55
-
SHA1
d0599a45c23609d3daf01b9f47739522bd8513d8
-
SHA256
1d0072a7e0d448774a0fb8ce79442eb785f4127d78f76950c26957e20c2fe480
-
SHA512
094f8438a29b808decbc77cf11f584bd7b8ca31bb43de885c24d0a66d79488be31e32b1983dfe8f2460ddd388224feba114622365c16001fea8e46d3657f93c2
-
SSDEEP
12288:uuIpsW5kLqcjz0nUHmQJ66l4hJ58qda3Gwipta/RIUS/F1Tdb0i5ZuRiK:uuqyOgOUHy6l4hJ5dda3GwzS/Fdddi
Malware Config
Targets
-
-
Target
a9e83bcb97f41b4d4012d38070d39d55_JaffaCakes118
-
Size
610KB
-
MD5
a9e83bcb97f41b4d4012d38070d39d55
-
SHA1
d0599a45c23609d3daf01b9f47739522bd8513d8
-
SHA256
1d0072a7e0d448774a0fb8ce79442eb785f4127d78f76950c26957e20c2fe480
-
SHA512
094f8438a29b808decbc77cf11f584bd7b8ca31bb43de885c24d0a66d79488be31e32b1983dfe8f2460ddd388224feba114622365c16001fea8e46d3657f93c2
-
SSDEEP
12288:uuIpsW5kLqcjz0nUHmQJ66l4hJ58qda3Gwipta/RIUS/F1Tdb0i5ZuRiK:uuqyOgOUHy6l4hJ5dda3GwzS/Fdddi
Score10/10-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
M00nD3v Logger payload
Detects M00nD3v Logger payload in memory.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-