General

  • Target

    4b527b79ec6cb0f74f3cb6b53a1ce1ad_JaffaCakes118

  • Size

    740KB

  • Sample

    240729-rk5ydasark

  • MD5

    4b527b79ec6cb0f74f3cb6b53a1ce1ad

  • SHA1

    f8b67bbc968ece97c5147c5f360ec66a7e4999a6

  • SHA256

    983575863d353fa13cfc80e1fa0b9f073b5e336c6fdc4b46c0d9a3614ba8cca8

  • SHA512

    806c177cb5158879a119fd4ed109ad5600260a15af6926b28517ba6f28d0b8c074eb82262c0f01792672ef45c94c8b4517f80d288313963f6179382ed2aea66d

  • SSDEEP

    12288:NIdk8s1iiFRGXaXD4buHRcW4geSrH6lkv4rjhJToC/9HjWN3pjnHcS:q3iFRogMWRcW4gIlkv8jhj/EN3Bn8S

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.xtrafurniture.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    #48#Xtr@furn!tur3

Targets

    • Target

      PO-4093021 copy.exe

    • Size

      805KB

    • MD5

      642da53966f1bf49b013e96fc9584ea7

    • SHA1

      3f0b9179ee12bf189c46bd06ba2ab29d17eadbff

    • SHA256

      3a85cb51540571b98adc8edbe330bf0169582553a2c3bdb81171ebb5761ae001

    • SHA512

      1a82c0a03189229a7d4d1ccf32bf6c184a8e32914648fcf175f65b7d4117c117a2d5df67156c145d705948763de02f69ee125cce2d5085db503a2899aa0e34b7

    • SSDEEP

      12288:6nJl5JiwLr7Etmver3O8ComsoG65ymQHjqy++r1giiUWhbtQnwOycVeTBdWk:6nJNiMQrwSTOajM+BNRYBjORV

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks