General
Target: 48634672df6b296836b01ea4e210dea8_JaffaCakes118
Size: 1.2MB
Sample: 240715-f1hx1asfre
MD5: 48634672df6b296836b01ea4e210dea8
SHA1: d3484a7c65daaaf93767782653d900cea857839d
SHA256: 47d6ee7ee359441ff76499d1827b6dbbe2746997a9194eaa3931b10328d59584
SHA512: be162170da4b0c44719cf15f641d4c52cc549d4f8f8a91182ffbb985155690a45fd9e91912d4cc19efdf9f021b8b83f744580d3ce25a21d8f8312cc58b7f140a
SSDEEP: 24576:Kap2t9k0M1b9jfZ6h5cPinT+ve+jsgffCkA5Ac6kYmNm0uHcrgRUm/:KyoTcPinKj22MYTHcrgRUm/
Static task: static1
Behavioral task: behavioral1
Sample: 09000000000000000.jar
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 09000000000000000.jar
Resource: win10v2004-20240709-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: ihemeg1986
Targets
Target: 09000000000000000.jar
Size: 905KB
MD5: 5842335503404a570eb9263542504d63
SHA1: 505cce556054c1a2c6a59a6f3203c6d0cda8b7fc
SHA256: 6cadc1a284604c4ec3ba8655e5b933bc7df036e6eb84685d7a6ca0e40c17d575
SHA512: 08e46be059022861fa9909303ab83bef4cf917d711b1b2054640d33eac64a57a242181f73f8cbf3034e8615f319034a44fba8ac3065183a70b0e5cd02000d9ff
SSDEEP: 24576:khlynSEg/rfZI1/wicY0hFo8150dkM++cp+VD3:SlmGG15oht2ss
Score: 10/10
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger Main payload

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext