General
-
Target
4b527b79ec6cb0f74f3cb6b53a1ce1ad_JaffaCakes118
-
Size
740KB
-
Sample
240729-rk5ydasark
-
MD5
4b527b79ec6cb0f74f3cb6b53a1ce1ad
-
SHA1
f8b67bbc968ece97c5147c5f360ec66a7e4999a6
-
SHA256
983575863d353fa13cfc80e1fa0b9f073b5e336c6fdc4b46c0d9a3614ba8cca8
-
SHA512
806c177cb5158879a119fd4ed109ad5600260a15af6926b28517ba6f28d0b8c074eb82262c0f01792672ef45c94c8b4517f80d288313963f6179382ed2aea66d
-
SSDEEP
12288:NIdk8s1iiFRGXaXD4buHRcW4geSrH6lkv4rjhJToC/9HjWN3pjnHcS:q3iFRogMWRcW4gIlkv8jhj/EN3Bn8S
Static task
static1
Behavioral task
behavioral1
Sample
PO-4093021 copy.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
PO-4093021 copy.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
Protocol: smtp
Host: mail.xtrafurniture.com
Port: 587
Username: [email protected]
Password: #48#Xtr@furn!tur3
Targets
-
Target
PO-4093021 copy.exe
-
Size
805KB
-
MD5
642da53966f1bf49b013e96fc9584ea7
-
SHA1
3f0b9179ee12bf189c46bd06ba2ab29d17eadbff
-
SHA256
3a85cb51540571b98adc8edbe330bf0169582553a2c3bdb81171ebb5761ae001
-
SHA512
1a82c0a03189229a7d4d1ccf32bf6c184a8e32914648fcf175f65b7d4117c117a2d5df67156c145d705948763de02f69ee125cce2d5085db503a2899aa0e34b7
-
SSDEEP
12288:6nJl5JiwLr7Etmver3O8ComsoG65ymQHjqy++r1giiUWhbtQnwOycVeTBdWk:6nJNiMQrwSTOajM+BNRYBjORV
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to or copying of the web browser credential store.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext