Resubmissions

| Submitted | Sample | Score |
|---|---|---|
| 12-08-2024 19:06 | 240812-xsap4azbla | 10 |
| 11-08-2024 10:57 | 240811-m2gjws1arh | 10 |

General

  • Target: 8a1907cd4b8b0b235a6072bd7543662f_JaffaCakes118
  • Size: 689KB
  • Sample: 240812-xsap4azbla
  • MD5: 8a1907cd4b8b0b235a6072bd7543662f
  • SHA1: 2310766bae1f1dd6376170bde47ab554a47cd857
  • SHA256: bcf6f57656f2b70b3c9b7fad7d9ed6a2e1027e00d2733efd6b04eb6827db9355
  • SHA512: e62570eda06d3078837f590de0b130bdec60f10a110801129cb5a1ddf3f4ea7e2341e69552ec8a3b3dafaaf9b43aa46a2f350bbb2d4126681a8b37bd41925184
  • SSDEEP: 12288:ntZEApT/9BFHVw77UQkdN0crq1qh9HtLAa2p9OWqrdb4FPmFgxTmVG68Nf9EzLO+:nDEApTJEoPW1sHtz2p9OWqpUFAgxC8nS

Malware Config

Targets

    • Target: file.exe
    • Size: 795KB
    • MD5: 244ff9e90106994d5a14add8e8483484
    • SHA1: 42a9a0fec6267a15752beb06d838ea21eaefed75
    • SHA256: 655d4b33dd95b286d546c78a9e26e33c3b16b779d5cfb41b62250cb059ae1301
    • SHA512: 3b727ab0e410ff276688196199bb29b26d87734c85f93181784a5e4170decfc7467aa02d1c178c81e1fddd37638567af1045e9c9f1d0bb689f53e18baf03f867
    • SSDEEP: 12288:QZpTV9DFHzw7NU0EXN0c1qRcDnftLEY2D94ymrdbWF9mrgxTmta6GNfnEHLmmJ0:ipTp+kPcRIftn2D94ymp6FqgxkGFaN

    Signatures

    • MassLogger
      MassLogger is a .NET stealer that targets passwords saved in browsers, email clients and cryptocurrency clients.
    • MassLogger main payload
    • Modifies visibility of file extensions in Explorer
    • Credentials from Password Stores: Credentials from Web Browsers
      Malicious access to, or copying of, a web browser credential store.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials among other things.
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP address.

MITRE ATT&CK Matrix (ATT&CK v13)

| Tactic | Technique | Count | ID |
|---|---|---|---|
| Execution | Scheduled Task/Job | 1 | T1053 |
| Execution | Scheduled Task | 1 | T1053.005 |
| Persistence | Scheduled Task/Job | 1 | T1053 |
| Persistence | Scheduled Task | 1 | T1053.005 |
| Privilege Escalation | Scheduled Task/Job | 1 | T1053 |
| Privilege Escalation | Scheduled Task | 1 | T1053.005 |
| Defense Evasion | Hide Artifacts | 1 | T1564 |
| Defense Evasion | Hidden Files and Directories | 1 | T1564.001 |
| Defense Evasion | Modify Registry | 1 | T1112 |
| Credential Access | Credentials from Password Stores | 1 | T1555 |
| Credential Access | Credentials from Web Browsers | 1 | T1555.003 |
| Credential Access | Unsecured Credentials | 1 | T1552 |
| Credential Access | Credentials In Files | 1 | T1552.001 |
| Discovery | Query Registry | 1 | T1012 |
| Discovery | System Information Discovery | 2 | T1082 |
| Discovery | System Location Discovery | 1 | T1614 |
| Discovery | System Language Discovery | 1 | T1614.001 |
| Collection | Data from Local System | 1 | T1005 |
| Collection | Email Collection | 1 | T1114 |

Tasks