General
-
Target
d239a049a6e4eb2cb428d7905a98ac37_JaffaCakes118
-
Size
808KB
-
Sample
240907-slj8qssamh
-
MD5
d239a049a6e4eb2cb428d7905a98ac37
-
SHA1
58ae995ee60b72fdac3c46caca6b2e4e5f65b847
-
SHA256
18f4035381c01ac7eba826bf786103b091ce6f0c05943722a2996dbf14744689
-
SHA512
4ea8e18c6e321aecbbca84afd6637e9442193e79638502af77fff54edbda98038af9a35d2e838fd5cbed34da50d08c051f2653dbffb8abb6201dd15250a0bc6c
-
SSDEEP
24576:eqjP6+LOd94zc5tKEFV4dwVtNo1+XjOYl:eK8qcWG4deXRKw
Malware Config
Targets
-
-
Target
d239a049a6e4eb2cb428d7905a98ac37_JaffaCakes118
-
Size
808KB
-
MD5
d239a049a6e4eb2cb428d7905a98ac37
-
SHA1
58ae995ee60b72fdac3c46caca6b2e4e5f65b847
-
SHA256
18f4035381c01ac7eba826bf786103b091ce6f0c05943722a2996dbf14744689
-
SHA512
4ea8e18c6e321aecbbca84afd6637e9442193e79638502af77fff54edbda98038af9a35d2e838fd5cbed34da50d08c051f2653dbffb8abb6201dd15250a0bc6c
-
SSDEEP
24576:eqjP6+LOd94zc5tKEFV4dwVtNo1+XjOYl:eK8qcWG4deXRKw
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-