General
-
Target
84697862a4268a62a447929adaa21192_JaffaCakes118
-
Size
1.1MB
-
Sample
240810-chw55a1cnl
-
MD5
84697862a4268a62a447929adaa21192
-
SHA1
202f8bf498c815917736d2188d67180e486d0a80
-
SHA256
0c121b8b0d5cb95df98ef017aee09a33d858d96b3d849c30c8735384c89a22c4
-
SHA512
37fe204da7e0aaf5f8a6d99e831f10c27c0183917cee8f44fe32a7beb4e0383885fc20e7c7677b435d60fe6ca4a5c7ae87125f5a31629724bc8fb46420b6d09c
-
SSDEEP
24576:vsMtbXo0Q6NnauHNlGaEG8sLVaHzhFKKWe86CCaaQhI4s+:1o0Q6NnhHNloG8WAHzhlpCpI4
Static task
static1
Behavioral task
behavioral1
Sample
84697862a4268a62a447929adaa21192_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
84697862a4268a62a447929adaa21192_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
84697862a4268a62a447929adaa21192_JaffaCakes118
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to or copying of the web browser credential store.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-