masslogger | d3927bb8ff26df08ec9d4f9adce917cfde227c7b4a56d169713e15de8e748517 | Triage

Submit
Reports

Overview

overview

Static

static

3

bd0f466d44...18.exe

windows7-x64

bd0f466d44...18.exe

windows10-2004-x64

Sharing

General

Target

bd0f466d4430c91d4b594be6a1842a25_JaffaCakes118
Size

1.1MB
Sample

240823-zcs8lsxclm
MD5

bd0f466d4430c91d4b594be6a1842a25
SHA1

54ee4c4163b7e1ebf7bfa9e431faa0cb4cbcb6f9
SHA256

d3927bb8ff26df08ec9d4f9adce917cfde227c7b4a56d169713e15de8e748517
SHA512

7f60b6b308183c526e691e4e9db7d2da79f41329a71cc654c88f9a3e3162a503543e47cb611e8bbc607d488f0f49d4c12c02d0202eab71db37ff8a4b3cf32ec4
SSDEEP

24576:KyBljP6+opzqidUTlL3d0WJVT6DMu7QRRVoFKnKvGSBwuhB7TxN8X:N0pz7OfgMu7QtrSBXhT

Score

10^/10

masslogger defense_evasion discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bd0f466d4430c91d4b594be6a1842a25_JaffaCakes118.exe

Resource

win7-20240704-en

masslogger defense_evasion discovery spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

bd0f466d4430c91d4b594be6a1842a25_JaffaCakes118.exe

Resource

win10v2004-20240802-en

masslogger defense_evasion discovery spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  bd0f466d4430c91d4b594be6a1842a25_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  bd0f466d4430c91d4b594be6a1842a25
- SHA1
  
  54ee4c4163b7e1ebf7bfa9e431faa0cb4cbcb6f9
- SHA256
  
  d3927bb8ff26df08ec9d4f9adce917cfde227c7b4a56d169713e15de8e748517
- SHA512
  
  7f60b6b308183c526e691e4e9db7d2da79f41329a71cc654c88f9a3e3162a503543e47cb611e8bbc607d488f0f49d4c12c02d0202eab71db37ff8a4b3cf32ec4
- SSDEEP
  
  24576:KyBljP6+opzqidUTlL3d0WJVT6DMu7QRRVoFKnKvGSBwuhB7TxN8X:N0pz7OfgMu7QtrSBXhT
Score

10^/10

masslogger defense_evasion discovery spyware stealer
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
  stealer spyware masslogger
- MassLogger Main payload
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

massloggerdefense_evasiondiscoveryspywarestealer

behavioral2

massloggerdefense_evasiondiscoveryspywarestealer

© 2018-2024

Terms | Privacy