General
-
Target
e700ad3eead371c482437a4d40779365_JaffaCakes118
-
Size
1.1MB
-
Sample
240917-rla5dsxbpg
-
MD5
e700ad3eead371c482437a4d40779365
-
SHA1
0ec7dd51cb4d3cf0b6c3449915ed6429e6845b70
-
SHA256
fc8f5c635abe5534833683141ae57470c09a246eb290895ce748d1bede405c25
-
SHA512
babc42494b69d6c0e2eab9e7dd66287c11a2621befd872315fc316ca77d2c78e16eb186e04687e0bdeba96add9381917d5b85d003890d8b321cfb3da354f5b3f
-
SSDEEP
24576:ZRgV9lX4ePztJzKe4QTnExJrP6vK+smrS2QCr6JIHCowE:ZR6bbJR7OyCWG26uie
Malware Config
Targets
-
-
Target
e700ad3eead371c482437a4d40779365_JaffaCakes118
-
Size
1.1MB
-
MD5
e700ad3eead371c482437a4d40779365
-
SHA1
0ec7dd51cb4d3cf0b6c3449915ed6429e6845b70
-
SHA256
fc8f5c635abe5534833683141ae57470c09a246eb290895ce748d1bede405c25
-
SHA512
babc42494b69d6c0e2eab9e7dd66287c11a2621befd872315fc316ca77d2c78e16eb186e04687e0bdeba96add9381917d5b85d003890d8b321cfb3da354f5b3f
-
SSDEEP
24576:ZRgV9lX4ePztJzKe4QTnExJrP6vK+smrS2QCr6JIHCowE:ZR6bbJR7OyCWG26uie
Score10/10-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1