General
-
Target
d7da46701d3da6ffd69d4c05bd6dea98_JaffaCakes118
-
Size
1.1MB
-
Sample
240910-jz6t8avfqd
-
MD5
d7da46701d3da6ffd69d4c05bd6dea98
-
SHA1
d68bde0b27b3a8b81fb69decf737ebdfd2bce8bd
-
SHA256
0ca3dafa35066c7aaf4b76268b035cd0fe5fb10130bc5f9b04d723d50c974e82
-
SHA512
40926fb7ff44e3ec52de3f32146be023fc80a1a7665ad3eb6e584ea97fb1db6fecf8222feb3df91c4f11f106b360294f8e30e594b7546853e704e26744a67db4
-
SSDEEP
12288:ODb7BqrErn/mxx7E6vMJaxKwWoFJm6y2o/Yc4/P2x1AFvUQm5hGXV8PNyIMsGO1C:OFBrny7d7eqq2Z32sUQWAV8PCsGOU28d
Malware Config
Targets
-
-
Target
d7da46701d3da6ffd69d4c05bd6dea98_JaffaCakes118
-
Size
1.1MB
-
MD5
d7da46701d3da6ffd69d4c05bd6dea98
-
SHA1
d68bde0b27b3a8b81fb69decf737ebdfd2bce8bd
-
SHA256
0ca3dafa35066c7aaf4b76268b035cd0fe5fb10130bc5f9b04d723d50c974e82
-
SHA512
40926fb7ff44e3ec52de3f32146be023fc80a1a7665ad3eb6e584ea97fb1db6fecf8222feb3df91c4f11f106b360294f8e30e594b7546853e704e26744a67db4
-
SSDEEP
12288:ODb7BqrErn/mxx7E6vMJaxKwWoFJm6y2o/Yc4/P2x1AFvUQm5hGXV8PNyIMsGO1C:OFBrny7d7eqq2Z32sUQWAV8PCsGOU28d
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-