General

  • Target

    a2a448cbb79929843341c4431d2ef420_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240817-qb8ggazdlq

  • MD5

    a2a448cbb79929843341c4431d2ef420

  • SHA1

    6f3d0c052c8d9844e59a9ee0a1efa35a41b77f64

  • SHA256

    465d689c0d1d1df6da7ac921360f6abc8f80f0c161915c684652b7390a4d5ac8

  • SHA512

    34778a4df8323a8627d4d658c5778005c09dc6b4ba1d39aea57f292a1eee2c14870e64d4fe13b449f33db63db27e0acb7be2289857f5a02eaec95998b37858dd

  • SSDEEP

    24576:lyBCjP6+acq1NFaozt2LgeBnBZ5Wv5p6DPTtLIxvvYu:52FVzgLgeBMxpUPTM

Malware Config

Targets

    • Target

      a2a448cbb79929843341c4431d2ef420_JaffaCakes118

    • Size

      1.3MB

    • MD5

      a2a448cbb79929843341c4431d2ef420

    • SHA1

      6f3d0c052c8d9844e59a9ee0a1efa35a41b77f64

    • SHA256

      465d689c0d1d1df6da7ac921360f6abc8f80f0c161915c684652b7390a4d5ac8

    • SHA512

      34778a4df8323a8627d4d658c5778005c09dc6b4ba1d39aea57f292a1eee2c14870e64d4fe13b449f33db63db27e0acb7be2289857f5a02eaec95998b37858dd

    • SSDEEP

      24576:lyBCjP6+acq1NFaozt2LgeBnBZ5Wv5p6DPTtLIxvvYu:52FVzgLgeBMxpUPTM

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks