General
-
Target
d408d9b719debd7ac1a42cae6128890f_JaffaCakes118
-
Size
978KB
-
Sample
240908-ldk2qsxgqq
-
MD5
d408d9b719debd7ac1a42cae6128890f
-
SHA1
cabbd9c628578f60bc6d6c09d49123cd9deda8b0
-
SHA256
27ed7853f8176995ba85c2fb099e49a6344c9d8afa38b2cb8d137032d96f9db8
-
SHA512
020e7534debf1e5015eadb2e0abaa244ee6aa666d249847ecd4c4082080b151d14cd56be5bd0e96b61471b7b5272b1d0ad34ca22984b68f88d693a9edc269ce2
-
SSDEEP
12288:q1oc0zzQX0rjJGVl747Rv55RxPiNC3C0ZmEEVRM0/q6pVX9mTsKrtk1U7b8c:av0YX0rk87XbV/nmEEQ0/q6l9Lc5T
Malware Config
Targets
-
-
Target
d408d9b719debd7ac1a42cae6128890f_JaffaCakes118
-
Size
978KB
-
MD5
d408d9b719debd7ac1a42cae6128890f
-
SHA1
cabbd9c628578f60bc6d6c09d49123cd9deda8b0
-
SHA256
27ed7853f8176995ba85c2fb099e49a6344c9d8afa38b2cb8d137032d96f9db8
-
SHA512
020e7534debf1e5015eadb2e0abaa244ee6aa666d249847ecd4c4082080b151d14cd56be5bd0e96b61471b7b5272b1d0ad34ca22984b68f88d693a9edc269ce2
-
SSDEEP
12288:q1oc0zzQX0rjJGVl747Rv55RxPiNC3C0ZmEEVRM0/q6pVX9mTsKrtk1U7b8c:av0YX0rk87XbV/nmEEQ0/q6l9Lc5T
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-