General
-
Target
a768546a53121478d2b633758ad0a762_JaffaCakes118
-
Size
806KB
-
Sample
240818-t5mzeawenp
-
MD5
a768546a53121478d2b633758ad0a762
-
SHA1
8ddf7b31108d3e9089136583e6d6777a494688aa
-
SHA256
cb554ff729a2e33d8ecc4ec2a6dbce1b35052760d87412682e1b5e678b569225
-
SHA512
1b9ac4020c48340535ea7d6ae1f2f8c9956b61f92e7b4e0bc929068efb91bed78e1843e050884b399f801c96ffb7c0588c19722bb6015a04ac7554fbb046debe
-
SSDEEP
12288:/Tv2zv1g09HIdQ8UjzaxMbLYQmBLagQJw5BYpFRU1Ad8FV+kPTgXlvM19tt0:S2Kn5wJRBLals+pmAd4+kLg1Uztt0
Static task
static1
Behavioral task
behavioral1
Sample
a768546a53121478d2b633758ad0a762_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
a768546a53121478d2b633758ad0a762_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to or copy of the web browser credential store.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-