General

  • Target

    eeccc60e17d9627eede490e812e9edaa_JaffaCakes118

  • Size

    737KB

  • Sample

    240921-bpwbqsyclc

  • MD5

    eeccc60e17d9627eede490e812e9edaa

  • SHA1

    4e724f99a4e91f038becaf06c245d87c070883cd

  • SHA256

    284ae70bb347ec422408b2651464cf7e80a8d8e8ae739e473ef2c40050b4e17f

  • SHA512

    da31b19217d1acfaa09e9e5aac011b8a8851d9fe9b2ce9dfb34b6cb09bb80e29465c4fd87ab1015bd2b836da24d553d5c304e3d18f826119a03b4f73bbd1efb1

  • SSDEEP

    12288:LIrUJIEwK57J5COBj2CEK9JN0+CkTCqux/QZRElM8ZZSOwIw9aXgHzf4ZkR:LIr3EwKRJNj2CpN0+Cker/QfEaUZAZHn

Malware Config

Targets

    • Target

      NEW PURCHASE ORDER NO.PO 4510040833 DATED 9.24.2020.pdf.exe

    • Size

      912KB

    • MD5

      fc581accff41ff1fd95aceea6af7835a

    • SHA1

      cfb163356efbee91607c1d590c9b81533f7d3e9c

    • SHA256

      3662a3b002337c0da8ad94925e3c183f0a2d35b0932f9d40b89643335f10564d

    • SHA512

      401b79a9a88ea482e8ff0ab2869933cb4d389135f47713a361c60908b079bedbcfed4a9dac6bd53eed1c592d9ade3285e6d8c7e82964e528823423a6a0b51eea

    • SSDEEP

      24576:BgCRrn939njG8cyjab5F1I2oWESe+m0r144zH:tnd9njGJyjaqnLSe+ti4z

    • MassLogger

      MassLogger is a .NET stealer that targets passwords stored by web browsers, email clients and cryptocurrency clients.

    • MassLogger Main payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (e.g. refusing to run in certain regions).

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext
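The behaviours listed above can be matched back against sandbox or EDR telemetry. The script below is an added example, not part of this report and not the sandbox's own signature code: the event format, field names and sample events are constructed, and the registry paths, file names and lookup-service hostnames are common locations at which these indicators are observed rather than what this sample necessarily touched. It also flags the double-extension lure filename (`.pdf.exe`) visible in the target name, and treats SetThreadContext as suspicious only when the target thread belongs to another process (a heuristic chosen here, not the sandbox's definition).

```python
"""Map sandbox-style events to the MassLogger behaviours listed in the report.

Added example; event schema, sample events and matching heuristics are
constructed for illustration. Hits are triage leads, not verdicts.
"""
import re
from collections import Counter

# Registry value holding the configured nation (GeoID); read by geofencing malware.
GEO_KEY_RE = re.compile(r"control panel\\international\\geo\\nation$", re.I)
# Outlook profile hive for Outlook 2013 and later (assumed location for this example).
OUTLOOK_PROFILE_RE = re.compile(
    r"\\software\\microsoft\\office\\[0-9.]+\\outlook\\profiles\\", re.I
)
# Browser credential stores: Chromium "Login Data", Firefox logins.json / key4.db.
BROWSER_CRED_RE = re.compile(r"(\\Login Data|\\logins\.json|\\key4\.db)$", re.I)
# Legitimate "what is my IP" services frequently abused by stealers.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io"}
# Document-looking name ending in an executable extension, e.g. "order.pdf.exe".
DOUBLE_EXT_RE = re.compile(
    r"\.(pdf|doc|docx|xls|xlsx|jpg|png|txt)\.(exe|scr|com|pif)$", re.I
)

# Constructed events; not taken from the sandbox run above.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 1234,
     "image": r"C:\Users\lab\Downloads\NEW PURCHASE ORDER NO.PO 4510040833 DATED 9.24.2020.pdf.exe"},
    {"type": "registry_read", "pid": 1234, "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry_read", "pid": 1234,
     "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"type": "file_read", "pid": 1234,
     "path": r"C:\Users\lab\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "network", "pid": 1234, "host": "api.ipify.org", "dport": 443},
    {"type": "api_call", "pid": 1234, "api": "SetThreadContext", "target_pid": 5678},
    {"type": "api_call", "pid": 1234, "api": "SetThreadContext", "target_pid": 1234},  # own thread
    {"type": "network", "pid": 1234, "host": "www.microsoft.com", "dport": 443},
]


def is_double_extension(name):
    """True for lure names such as 'invoice.pdf.exe'."""
    return DOUBLE_EXT_RE.search(name) is not None


def classify(event):
    """Return the set of report indicators that a single event supports."""
    hits = set()
    kind = event.get("type")
    if kind == "process_create" and is_double_extension(event.get("image", "")):
        hits.add("Double-extension lure filename")
    elif kind == "registry_read":
        path = event.get("path", "")
        if GEO_KEY_RE.search(path):
            hits.add("Checks computer location settings")
        if OUTLOOK_PROFILE_RE.search(path):
            hits.add("Accesses Microsoft Outlook profiles")
    elif kind == "file_read" and BROWSER_CRED_RE.search(event.get("path", "")):
        hits.add("Reads user/profile data of web browsers")
    elif kind == "network" and event.get("host", "").lower() in IP_LOOKUP_HOSTS:
        hits.add("Looks up external IP address via web service")
    elif kind == "api_call" and event.get("api") == "SetThreadContext":
        # Heuristic: context changes on a thread in another process suggest injection.
        if event.get("target_pid") != event.get("pid"):
            hits.add("Suspicious use of SetThreadContext")
    return hits


def triage(events):
    """Count how many events support each indicator across a whole run."""
    counts = Counter()
    for ev in events:
        for hit in classify(ev):
            counts[hit] += 1
    return counts


if __name__ == "__main__":
    for indicator, n in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{n:2d}  {indicator}")
```

Feed `triage()` real process, registry, file and network events from your sandbox or EDR export and extend the host and path lists to what your environment sees; the self-targeted SetThreadContext call in the sample is deliberately not counted.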

MITRE ATT&CK Enterprise v15

Tasks