General

  • Target

    efda5b6570d56f9c9fb244211e1c1eec_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240921-p9asestbnf

  • MD5

    efda5b6570d56f9c9fb244211e1c1eec

  • SHA1

    814806bf2b01322c03e37988937e62fa924b0ffe

  • SHA256

    f63fab350ae884c55e1e399abfdec150a3db27402311dc5d48ce6ef101930a4d

  • SHA512

    c08c8bc263852bd9bef67bd1856472fe87994be91bc298669c7c596c465a9501994826a86ec4c093cdb38e149cee453f074018307e3240d72ef79f38040ac4df

  • SSDEEP

    24576:Tiwoh1pK7twlZ+lKp7KZ6lxV1iqCTuO9MNj:GK7tW+Mp0I1bBl

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.kogep-k.hu
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Vb^4ZJR[JffqT,F2Tb

Targets

    • Target

      DHL_May 2020 at 06.1_8C7290_PDF.exe

    • Size

      805KB

    • MD5

      e4707e252ef3e7a6477c63a1a0350129

    • SHA1

      c5152a955485460d7c4bab092c5cebaf314ec092

    • SHA256

      7573a215a8c55cef7dd88267f3df3561fea190c207eb09cae2b59641945748d4

    • SHA512

      86f90725cd0dd098379c562ce311887f1c35a2a72d7c261f1544b8103265ded071408725250f1756e6b3b862fabaf0619a4b44d894b8643462998358ee428641

    • SSDEEP

      24576:yiwoh1pK7twlZ+lKp7KZ6lxV1iqCTuO9MNj:PK7tW+Mp0I1bBl

    • MassLogger

      MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.

    • MassLogger Main payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
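The two SSDEEP digests above (the 1.3MB initial sample and the dropped DHL_May 2020 ... PDF.exe) share the same block size and differ in only one character per chunk, which is the signal an analyst uses to tie a dropped payload to its parent without relying on exact hashes. The script below, an added example that is not part of the sandbox report or of the ssdeep project, parses both digests from the report and re-implements ssdeep's comparison (weighted edit distance over the chunk strings, insert/delete cost 1 and replace cost 2, 7-character common-substring requirement, run elimination and the small-block-size cap, as in ssdeep's fuzzy.c) so it runs with no third-party dependency. The algorithm details are reproduced from memory of the reference implementation; confirm scores against the real ssdeep tool before relying on them.

```python
"""Parse and compare the two ssdeep digests from the report.

Added example, not code from the sandbox report or from ssdeep itself.
It re-implements the ssdeep comparison algorithm so it runs offline;
scores should be confirmed against the real ssdeep tool.
"""
import re

SPAMSUM_LENGTH = 64   # maximum chunk length in an ssdeep digest
MIN_BLOCKSIZE = 3
ROLLING_WINDOW = 7    # chunks must share a 7-char substring to score at all

# Digests copied from the report: the initial sample and the dropped payload.
SSDEEP_SAMPLE = "24576:Tiwoh1pK7twlZ+lKp7KZ6lxV1iqCTuO9MNj:GK7tW+Mp0I1bBl"
SSDEEP_PAYLOAD = "24576:yiwoh1pK7twlZ+lKp7KZ6lxV1iqCTuO9MNj:PK7tW+Mp0I1bBl"


def parse_ssdeep(digest):
    """Split 'blocksize:chunk1:chunk2' into (int, str, str)."""
    block, chunk1, chunk2 = digest.split(":", 2)
    return int(block), chunk1, chunk2


def _eliminate_runs(s):
    """Collapse runs of more than three identical characters to three,
    so long repeated regions do not dominate the score."""
    return re.sub(r"(.)\1{3,}", r"\1\1\1", s)


def _edit_distance(a, b):
    """Weighted Levenshtein distance: insert/delete cost 1, replace cost 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,
                           cur[j - 1] + 1,
                           prev[j - 1] + (0 if ca == cb else 2)))
        prev = cur
    return prev[-1]


def _has_common_substring(a, b, n=ROLLING_WINDOW):
    return any(a[i:i + n] in b for i in range(len(a) - n + 1))


def _score_strings(a, b, block_size):
    """Score one chunk pair on a 0-100 scale."""
    a, b = _eliminate_runs(a), _eliminate_runs(b)
    if len(a) > SPAMSUM_LENGTH or len(b) > SPAMSUM_LENGTH:
        return 0
    if not _has_common_substring(a, b):
        return 0
    score = _edit_distance(a, b)
    score = score * SPAMSUM_LENGTH // (len(a) + len(b))
    score = 100 * score // SPAMSUM_LENGTH
    score = 100 - score
    # Small block sizes can over-rate matches; cap the score for them.
    if block_size >= (99 + ROLLING_WINDOW) * MIN_BLOCKSIZE // ROLLING_WINDOW:
        return score
    return min(score, block_size // MIN_BLOCKSIZE * min(len(a), len(b)))


def compare_ssdeep(d1, d2):
    """Return the 0-100 similarity of two digests (0 if block sizes are
    more than a factor of two apart, exactly as ssdeep reports)."""
    b1, c1a, c1b = parse_ssdeep(d1)
    b2, c2a, c2b = parse_ssdeep(d2)
    if b1 == b2:
        if c1a == c2a and c1b == c2b:
            return 100
        # The second chunk was built with twice the block size.
        return max(_score_strings(c1a, c2a, b1), _score_strings(c1b, c2b, b1 * 2))
    if b1 == b2 * 2:
        return _score_strings(c1a, c2b, b1)
    if b2 == b1 * 2:
        return _score_strings(c1b, c2a, b2)
    return 0


if __name__ == "__main__":
    print("block sizes:", parse_ssdeep(SSDEEP_SAMPLE)[0], parse_ssdeep(SSDEEP_PAYLOAD)[0])
    print("similarity:", compare_ssdeep(SSDEEP_SAMPLE, SSDEEP_PAYLOAD))
```

A score of 99 here means the dropped executable is, at the granularity ssdeep measures, the same content as the initial sample apart from a tiny difference at the start, which is consistent with the parent being a thin wrapper around the payload; a fresh MassLogger build with a different config would typically score far lower, so the fuzzy match is a pivot for hunting, not proof of identity.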

MITRE ATT&CK Enterprise v15

Tasks