General
-
Target
31cae77f918b6d598a4b0e5af9aea643_JaffaCakes118
-
Size
1.1MB
-
Sample
240729-ca144s1fmf
-
MD5
31cae77f918b6d598a4b0e5af9aea643
-
SHA1
27d74a534bb22ea8a61f07ec2c20116b369a22c6
-
SHA256
f925d649aee4b92c974778fd87576229f44972c23df41df5aacdd9dc55fd2c45
-
SHA512
99a8eb4e8148d86cdafa2312d982a48060ee81f5bdb40fa57b36860a219b2323af17c40bdded3e14bebbeddb61d433cf9b77f567207ae3076b960cb371900f5c
-
SSDEEP
12288:80lZVKwTTtJbXHnx2hDWbHApyg8RoonPVpCk8ISIeBl13:/ldTTtJb3xqDUHAYkISTx
Malware Config
Targets
-
-
Target
31cae77f918b6d598a4b0e5af9aea643_JaffaCakes118
-
Size
1.1MB
-
MD5
31cae77f918b6d598a4b0e5af9aea643
-
SHA1
27d74a534bb22ea8a61f07ec2c20116b369a22c6
-
SHA256
f925d649aee4b92c974778fd87576229f44972c23df41df5aacdd9dc55fd2c45
-
SHA512
99a8eb4e8148d86cdafa2312d982a48060ee81f5bdb40fa57b36860a219b2323af17c40bdded3e14bebbeddb61d433cf9b77f567207ae3076b960cb371900f5c
-
SSDEEP
12288:80lZVKwTTtJbXHnx2hDWbHApyg8RoonPVpCk8ISIeBl13:/ldTTtJb3xqDUHAYkISTx
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-