General
-
Target
fba4bd50d8a138dcd0746ef0963f560a_JaffaCakes118
-
Size
718KB
-
Sample
240928-gpvyvszgkp
-
MD5
fba4bd50d8a138dcd0746ef0963f560a
-
SHA1
88aa0cd582f4de30db752942a3151b10d32e9eca
-
SHA256
cfd17c9742bdbd2dfa02025850a8d859495fa3389a66a5b203d68e0e27544951
-
SHA512
fce6598d9237549b22c096d759d3ac60db45648dba45e5d8314c5fef25e2474918e179c14fb4b673ca7d5f98f9281ac9655bd7d3397c058c56f29d4bdfbd8294
-
SSDEEP
12288:A1pngcrwlLb0nv9oxfQ2DWDFY+zrS42uKqrF0isEGyYU0h7VpBuONNdTA:s1Ev0v9oxfQ2iDTSBuhaQ7eh7VpsGfA
Static task
static1
Behavioral task
behavioral1
Sample
Order.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
Order.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
Order.exe
-
Size
824KB
-
MD5
bb63cdf61bbf3edad64e7508b8967499
-
SHA1
67c765f17e7e11358d47988fa4cff2e9fe989c86
-
SHA256
57f9edb95b97e15dd773d946a905bc137fee6947128e6f23ad3958ef20e4169c
-
SHA512
4c914d0764b583b63d854d0299428ca643f4fab332c95afa695020684241b1e8045092853529d3aa623e76e5a8ad733b309883eae2137daa202b1d4e3209bc99
-
SSDEEP
12288:5D1LTgcTklfbInv3oTfY2XuX9Y+nrY4cuwq9R0isIGckUG3xVpZuONqQ:f/QDIv3oTfY2+XXYZuR+MnY3xVpkGq
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main payload
-
Modifies visibility of file extensions in Explorer
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
Hidden Files and Directories
Modify Registry
Credential Access
Credentials from Password Stores
Credentials from Web Browsers
Unsecured Credentials
Credentials In Files