General
-
Target
057b14650b1eaf5c8543b66b660433fc_JaffaCakes118
-
Size
1.1MB
-
Sample
240728-cfnqza1hpr
-
MD5
057b14650b1eaf5c8543b66b660433fc
-
SHA1
c23e2b68f6ff2d7e74834430e6b5b6fb1e6cbce7
-
SHA256
b7809f88eb38c85a46ecd966f320c9c9f0b23181cc7b511299fdef733eb06390
-
SHA512
268afe5738aead08910ea8c9dff9bd20e1694d51c777fb37d7fc2f5d513dc47480d7fa866f324aa42272f281722464d0bbc0ac3ec0e8fb5206fbfd0ee6a3a600
-
SSDEEP
24576:MyBejP6+BCaVD3M0/tC2773ilD6CCK0ru1PbeWIKt:4NvM0olD6RK11DGKt
Static task
static1
Behavioral task
behavioral1
Sample
057b14650b1eaf5c8543b66b660433fc_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
057b14650b1eaf5c8543b66b660433fc_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, the web browser credential store.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-