masslogger | 6cadc1a284604c4ec3ba8655e5b933bc7df036e6eb84685d7a6ca0e40c17d575 | Triage

Submit
Reports

Overview

overview

Static

static

1

5842335503...18.jar

windows7-x64

7

5842335503...18.jar

windows10-2004-x64

Sharing

General

Target

5842335503404a570eb9263542504d63_JaffaCakes118
Size

905KB
Sample

240718-vdnbjaxfmn
MD5

5842335503404a570eb9263542504d63
SHA1

505cce556054c1a2c6a59a6f3203c6d0cda8b7fc
SHA256

6cadc1a284604c4ec3ba8655e5b933bc7df036e6eb84685d7a6ca0e40c17d575
SHA512

08e46be059022861fa9909303ab83bef4cf917d711b1b2054640d33eac64a57a242181f73f8cbf3034e8615f319034a44fba8ac3065183a70b0e5cd02000d9ff
SSDEEP

24576:khlynSEg/rfZI1/wicY0hFo8150dkM++cp+VD3:SlmGG15oht2ss

Score

10^/10

masslogger collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

5842335503404a570eb9263542504d63_JaffaCakes118.jar

Resource

win7-20240704-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

5842335503404a570eb9263542504d63_JaffaCakes118.jar

Resource

win10v2004-20240709-en

masslogger collection spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
ihemeg1986

Targets

- Target
  
  5842335503404a570eb9263542504d63_JaffaCakes118
- Size
  
  905KB
- MD5
  
  5842335503404a570eb9263542504d63
- SHA1
  
  505cce556054c1a2c6a59a6f3203c6d0cda8b7fc
- SHA256
  
  6cadc1a284604c4ec3ba8655e5b933bc7df036e6eb84685d7a6ca0e40c17d575
- SHA512
  
  08e46be059022861fa9909303ab83bef4cf917d711b1b2054640d33eac64a57a242181f73f8cbf3034e8615f319034a44fba8ac3065183a70b0e5cd02000d9ff
- SSDEEP
  
  24576:khlynSEg/rfZI1/wicY0hFo8150dkM++cp+VD3:SlmGG15oht2ss
Score

10^/10

masslogger collection spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

massloggercollectionspywarestealer

© 2018-2024

Terms | Privacy