General
-
Target
a2a448cbb79929843341c4431d2ef420_JaffaCakes118
-
Size
1.3MB
-
Sample
240817-qb8ggazdlq
-
MD5
a2a448cbb79929843341c4431d2ef420
-
SHA1
6f3d0c052c8d9844e59a9ee0a1efa35a41b77f64
-
SHA256
465d689c0d1d1df6da7ac921360f6abc8f80f0c161915c684652b7390a4d5ac8
-
SHA512
34778a4df8323a8627d4d658c5778005c09dc6b4ba1d39aea57f292a1eee2c14870e64d4fe13b449f33db63db27e0acb7be2289857f5a02eaec95998b37858dd
-
SSDEEP
24576:lyBCjP6+acq1NFaozt2LgeBnBZ5Wv5p6DPTtLIxvvYu:52FVzgLgeBMxpUPTM
Static task
static1
Behavioral task
behavioral1
Sample
a2a448cbb79929843341c4431d2ef420_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a2a448cbb79929843341c4431d2ef420_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
a2a448cbb79929843341c4431d2ef420_JaffaCakes118
-
Size
1.3MB
-
MD5
a2a448cbb79929843341c4431d2ef420
-
SHA1
6f3d0c052c8d9844e59a9ee0a1efa35a41b77f64
-
SHA256
465d689c0d1d1df6da7ac921360f6abc8f80f0c161915c684652b7390a4d5ac8
-
SHA512
34778a4df8323a8627d4d658c5778005c09dc6b4ba1d39aea57f292a1eee2c14870e64d4fe13b449f33db63db27e0acb7be2289857f5a02eaec95998b37858dd
-
SSDEEP
24576:lyBCjP6+acq1NFaozt2LgeBnBZ5Wv5p6DPTtLIxvvYu:52FVzgLgeBMxpUPTM
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-