General

  • Target

    95faffb39b2af991f6bd02102f3000bd_JaffaCakes118

  • Size

    809KB

  • Sample

    240814-ny2w4avfnp

  • MD5

    95faffb39b2af991f6bd02102f3000bd

  • SHA1

    a7c4bebc58fc7cf803468396309e8153bb3a9c00

  • SHA256

    eaaf80e304a8eceeb4b0474767c68855580763710c60902ec5b146850dc77461

  • SHA512

    cbb37f756f22a74b380b6759397f5c2d7fc8b1648ffaa63faa42c5ff3a8bde8bf72aef09ea11599b53cc98ffe96d7456465feb58a1f5c9806a75e92851597ac1

  • SSDEEP

    24576:XBujvduwBoIgZxekpwQgEtHCHTkMzAoOUAETGU:4dr2IgWk9/1ClzAtUvT5

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.mytravelexplorer.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    2JWcb}iP#4]+

Targets

    • Target

      DHL AWB 405986998.exe

    • Size

      936KB

    • MD5

      4b0c7e94c712a92bdb4a84ccef01ac26

    • SHA1

      108888e88b8b74ab567874a22abc8513d445678a

    • SHA256

      6f00ffaa9b0fe22f4e8e46fc35998010ecabecac8ffbdc4629e1b59372393a6b

    • SHA512

      4fa45c2246196ef1ccbd68b4329b3d6f79da8a5df79529628edcd6a1a5f7fc7d6f5740bf02f88a33288f6818dbdf221b7cc14731298af6a287fc0d2f04fc62cf

    • SSDEEP

      12288:+Fwj4Jdm9X2I6P3qoJsUkBY7kahSrePdxlqbvPK9DaqEPRCz+bIv/0xRSgHxOt9t:X0Jo91oJES97qlPRg+bIn0XLHxg2Qn

    • MassLogger

MassLogger is a .NET information stealer that targets passwords stored by browsers, email clients and cryptocurrency wallets.

    • MassLogger Main payload

    • Credentials from Password Stores: Credentials from Web Browsers

Malicious access to, or copying of, a web browser's credential store.

    • Checks computer location settings

Looks up the country code configured in the registry, likely a geofence check.

    • Reads user/profile data of web browsers

Infostealers often target stored browser data, such as saved credentials.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

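The behaviours flagged above (SMTP exfiltration to the extracted mail host, a non-mail process speaking SMTP, an external IP lookup) are cheap to hunt for in endpoint telemetry. The script below is an added example and is not part of the sandbox report or of the MassLogger sample: it runs a small classifier over constructed Sysmon network-connection (Event ID 3) and DNS-query (Event ID 22) records. Only the SMTP host and port are taken from the extracted config; the process allowlist, the list of IP-lookup domains and the sample events are assumptions.

```python
"""Hunt for MassLogger-style SMTP exfiltration in Sysmon events.

Added example, not part of the sandbox report. The only IOCs taken from the
report are the SMTP host and port of the extracted config; the event records,
the SMTP allowlist and the IP-lookup domain list are constructed assumptions.
"""
import json

# From the report's extracted config (host and port of the exfil mailbox).
EXFIL_HOST = "mail.mytravelexplorer.com"
EXFIL_PORT = 587

# Ports a stealer may use for SMTP/SMTPS exfiltration (assumption).
SMTP_PORTS = {25, 465, 587}

# Assumption: the only processes that legitimately speak SMTP on these hosts.
SMTP_ALLOWLIST = {
    r"c:\program files\microsoft office\root\office16\outlook.exe",
    r"c:\program files\mozilla thunderbird\thunderbird.exe",
}

# Assumption: the report does not name the lookup service; these are common ones.
IP_LOOKUP_DOMAINS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"}

# Constructed Sysmon records, one JSON object per line, as a log shipper would emit them.
SAMPLE_EVENTS = [
    json.dumps({"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
                "DestinationHostname": "smtp.office365.com", "DestinationIp": "203.0.113.5",
                "DestinationPort": 587, "Initiated": "true"}),
    json.dumps({"EventID": 3, "Image": r"C:\Users\victim\Downloads\DHL AWB 405986998.exe",
                "DestinationHostname": "mail.mytravelexplorer.com", "DestinationIp": "198.51.100.7",
                "DestinationPort": 587, "Initiated": "true"}),
    json.dumps({"EventID": 3, "Image": r"C:\Users\victim\AppData\Roaming\svchost.exe",
                "DestinationHostname": "", "DestinationIp": "192.0.2.44",
                "DestinationPort": 465, "Initiated": "true"}),
    json.dumps({"EventID": 3, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                "DestinationHostname": "www.example.com", "DestinationIp": "203.0.113.99",
                "DestinationPort": 443, "Initiated": "true"}),
    json.dumps({"EventID": 22, "Image": r"C:\Users\victim\Downloads\DHL AWB 405986998.exe",
                "QueryName": "api.ipify.org"}),
    json.dumps({"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"}),
    "this line is not JSON and must be skipped",
]


def classify(event):
    """Return (severity, reason) for one parsed event, or None if it is benign."""
    event_id = event.get("EventID")

    # DNS query to a public "what is my IP" service: weak on its own, useful in context.
    if event_id == 22:
        qname = str(event.get("QueryName", "")).lower()
        if qname in IP_LOOKUP_DOMAINS:
            return ("low", f"external IP lookup via {qname}")
        return None

    # Only outbound network connections on SMTP ports are interesting here.
    if event_id != 3 or str(event.get("Initiated", "true")).lower() != "true":
        return None
    port = int(event.get("DestinationPort", 0))
    if port not in SMTP_PORTS:
        return None

    host = str(event.get("DestinationHostname", "")).lower()
    image = str(event.get("Image", "")).lower()
    if host == EXFIL_HOST and port == EXFIL_PORT:
        return ("high", f"connection to known exfil mailbox host {EXFIL_HOST}:{EXFIL_PORT}")
    if image not in SMTP_ALLOWLIST:
        return ("medium", f"non-mail-client process speaking SMTP on port {port}")
    return None


def hunt(lines):
    """Parse JSON event lines; return findings as (image, severity, reason) in log order."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records rather than abort the whole hunt
        verdict = classify(event)
        if verdict:
            findings.append((event.get("Image"), *verdict))
    return findings


if __name__ == "__main__":
    for image, severity, reason in hunt(SAMPLE_EVENTS):
        print(f"[{severity.upper()}] {image}: {reason}")
```

The high-severity match keys on the extracted config alone and is the one to alert on immediately; the medium rule catches the same sample after the config host changes, at the price of needing a maintained allowlist; the DNS rule is only a corroborating signal and should be correlated with the others rather than alerted on by itself.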
MITRE ATT&CK Enterprise v15

Tasks