Overview

overview

10

Static

static

3

ccb8b81708...18.exe

windows7-x64

10

ccb8b81708...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ccb8b817085d6383614156053979e81b_JaffaCakes118

  • Size

    989KB

  • Sample

    240831-nm6e5s1djn

  • MD5

    ccb8b817085d6383614156053979e81b

  • SHA1

    924db1dab545f9d08b47093d342d024217607d1c

  • SHA256

    f55f1629d0ce8fefbc36ec5ec8f108485e494363531f372f4735186aa4c1bc85

  • SHA512

    df6bab868826f108712079b126382541f168d855e811860569099b3daf41a289472302016c61fdd40555d4472b4d75efa4667a44b00c97d5e1b77f04d415499e

  • SSDEEP

    24576:ErYUhzRsCg6Yn++QKSWoxc3ukISy9fezY0pc7uh/f:o+Cg6KbbjUkISAe5pSud

Score
10/10
massloggercollectioncredential_accessdiscoveryspywarestealerupx

Malware Config

Targets

    • Target

      ccb8b817085d6383614156053979e81b_JaffaCakes118

    • Size

      989KB

    • MD5

      ccb8b817085d6383614156053979e81b

    • SHA1

      924db1dab545f9d08b47093d342d024217607d1c

    • SHA256

      f55f1629d0ce8fefbc36ec5ec8f108485e494363531f372f4735186aa4c1bc85

    • SHA512

      df6bab868826f108712079b126382541f168d855e811860569099b3daf41a289472302016c61fdd40555d4472b4d75efa4667a44b00c97d5e1b77f04d415499e

    • SSDEEP

      24576:ErYUhzRsCg6Yn++QKSWoxc3ukISy9fezY0pc7uh/f:o+Cg6KbbjUkISAe5pSud

    Score
    10/10
    massloggercollectioncredential_accessdiscoveryspywarestealerupx

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger Main payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks