Overview

overview

10

Static

static

1

spécifica...PDF.js

windows7-x64

10

spécifica...PDF.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fef10dd1c8e0d1caca753c62988bcd9e_JaffaCakes118

  • Size

    1KB

  • Sample

    240929-t719ta1hqp

  • MD5

    fef10dd1c8e0d1caca753c62988bcd9e

  • SHA1

    7119083fcb899f9a900daeea63f4c3100ef4acad

  • SHA256

    68712b019798758b14a9f231771a807f4fbfea5a18c75c119c3970cf3fd50a68

  • SHA512

    f29dca7b0b682899aff1eac3d99e5d2ca93225ebc000e9cff888974eea4e869e8bee450f720905100b46491ecc8aa453aa2818d91701804296603591bed66d2e

Score
10/10
massloggercollectiondiscoveryexecutionspywarestealer

Malware Config

Targets

    • Target

      spécification_du_projet_doc04361120200924113759_ACF.28668_DPJ2020012681085.PDF.js

    • Size

      3KB

    • MD5

      ea79f170b2f7531f6aae0190cfac32d3

    • SHA1

      06a49ce472f34b717e2ef5ea2fe758b36bbeaf8a

    • SHA256

      8f0a1868051989d74f2a968a6f326c7ad3c442b4d1b90933a93e3851bebc26a4

    • SHA512

      9a79ca5c74671dca4fdf607fdbd67b1f42afac4239f5de83499cb8e70fd971a9a4c976599baeebb3e060f31229021d6f9110693ed0fd8d6237b2d4eedca94b4b

    Score
    10/10
    executionmassloggercollectiondiscoveryspywarestealer

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger Main payload

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks