Resubmissions

13-10-2024 20:00

241013-yrfemazeqm 10

08-10-2024 01:41

241008-b4e83awgqa 10

22-08-2024 23:22

240822-3czl6svhqr 10

General

  • Target

    b977a9f58910d5b0c1eb2501089b3d84_JaffaCakes118

  • Size

    888KB

  • Sample

    241013-yrfemazeqm

  • MD5

    b977a9f58910d5b0c1eb2501089b3d84

  • SHA1

    1bc0e60b3397560414c1f0dbbe9b716b83b1685d

  • SHA256

    619ae9f6605a4c01851999c358172385764b50bb32abbe80f2d3ed341807c137

  • SHA512

    f22033bc480c5bc5b52986b91b66fbf2443dfec1b2399a2b7e1f097991dfbffec07e52c8e7f4bb998c8cda34526b96f300387db36cea2eecfb33f9c832e6e1cf

  • SSDEEP

    24576:Uww2Y8ILo2jFk4Y+7801MqdGT6GTL8nLneWVE58QbgK0PWtt2:Uw9UI+A0uV6GTyLnetgK3tt

Malware Config

Targets

    • Target

      b977a9f58910d5b0c1eb2501089b3d84_JaffaCakes118

    • Size

      888KB

    • MD5

      b977a9f58910d5b0c1eb2501089b3d84

    • SHA1

      1bc0e60b3397560414c1f0dbbe9b716b83b1685d

    • SHA256

      619ae9f6605a4c01851999c358172385764b50bb32abbe80f2d3ed341807c137

    • SHA512

      f22033bc480c5bc5b52986b91b66fbf2443dfec1b2399a2b7e1f097991dfbffec07e52c8e7f4bb998c8cda34526b96f300387db36cea2eecfb33f9c832e6e1cf

    • SSDEEP

      24576:Uww2Y8ILo2jFk4Y+7801MqdGT6GTL8nLneWVE58QbgK0PWtt2:Uw9UI+A0uV6GTyLnetgK3tt

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks