General
Target: 95faffb39b2af991f6bd02102f3000bd_JaffaCakes118
Size: 809KB
Sample: 240814-ny2w4avfnp
MD5: 95faffb39b2af991f6bd02102f3000bd
SHA1: a7c4bebc58fc7cf803468396309e8153bb3a9c00
SHA256: eaaf80e304a8eceeb4b0474767c68855580763710c60902ec5b146850dc77461
SHA512: cbb37f756f22a74b380b6759397f5c2d7fc8b1648ffaa63faa42c5ff3a8bde8bf72aef09ea11599b53cc98ffe96d7456465feb58a1f5c9806a75e92851597ac1
SSDEEP: 24576:XBujvduwBoIgZxekpwQgEtHCHTkMzAoOUAETGU:4dr2IgWk9/1ClzAtUvT5
Static task: static1
Behavioral task: behavioral1
Sample: DHL AWB 405986998.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: DHL AWB 405986998.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
Protocol: smtp
Host: mail.mytravelexplorer.com
Port: 587
Username: [email protected]
Password: 2JWcb}iP#4]+
Targets
Target: DHL AWB 405986998.exe
Size: 936KB
MD5: 4b0c7e94c712a92bdb4a84ccef01ac26
SHA1: 108888e88b8b74ab567874a22abc8513d445678a
SHA256: 6f00ffaa9b0fe22f4e8e46fc35998010ecabecac8ffbdc4629e1b59372393a6b
SHA512: 4fa45c2246196ef1ccbd68b4329b3d6f79da8a5df79529628edcd6a1a5f7fc7d6f5740bf02f88a33288f6818dbdf221b7cc14731298af6a287fc0d2f04fc62cf
SSDEEP: 12288:+Fwj4Jdm9X2I6P3qoJsUkBY7kahSrePdxlqbvPK9DaqEPRCz+bIv/0xRSgHxOt9t:X0Jo91oJES97qlPRg+bIn0XLHxg2Qn
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

MassLogger Main payload

Credentials from Password Stores: Credentials from Web Browsers
Malicious access or copy of the web browser credential store.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext