Resubmissions

12-08-2024 19:06

240812-xsap4azbla 10

11-08-2024 10:57

240811-m2gjws1arh 10

General

  • Target

    8a1907cd4b8b0b235a6072bd7543662f_JaffaCakes118

  • Size

    689KB

  • Sample

    240812-xsap4azbla

  • MD5

    8a1907cd4b8b0b235a6072bd7543662f

  • SHA1

    2310766bae1f1dd6376170bde47ab554a47cd857

  • SHA256

    bcf6f57656f2b70b3c9b7fad7d9ed6a2e1027e00d2733efd6b04eb6827db9355

  • SHA512

    e62570eda06d3078837f590de0b130bdec60f10a110801129cb5a1ddf3f4ea7e2341e69552ec8a3b3dafaaf9b43aa46a2f350bbb2d4126681a8b37bd41925184

  • SSDEEP

    12288:ntZEApT/9BFHVw77UQkdN0crq1qh9HtLAa2p9OWqrdb4FPmFgxTmVG68Nf9EzLO+:nDEApTJEoPW1sHtz2p9OWqpUFAgxC8nS

Malware Config

Targets

    • Target

      file.exe

    • Size

      795KB

    • MD5

      244ff9e90106994d5a14add8e8483484

    • SHA1

      42a9a0fec6267a15752beb06d838ea21eaefed75

    • SHA256

      655d4b33dd95b286d546c78a9e26e33c3b16b779d5cfb41b62250cb059ae1301

    • SHA512

      3b727ab0e410ff276688196199bb29b26d87734c85f93181784a5e4170decfc7467aa02d1c178c81e1fddd37638567af1045e9c9f1d0bb689f53e18baf03f867

    • SSDEEP

      12288:QZpTV9DFHzw7NU0EXN0c1qRcDnftLEY2D94ymrdbWF9mrgxTmta6GNfnEHLmmJ0:ipTp+kPcRIftn2D94ymp6FqgxkGFaN

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main payload

    • Modifies visibility of file extensions in Explorer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks