General

  • Target

    ad9531ac0a498dc0d2ac79efb50a24be5d5a47becfbb88961f9e00e2fb1e97f7

  • Size

    534KB

  • Sample

    250630-t6thkshn4v

  • MD5

    c5f914c340776bb82eff39e200d678aa

  • SHA1

    7d385ec2bf1140787ecdc4d05a9d0da1087ad28f

  • SHA256

    ad9531ac0a498dc0d2ac79efb50a24be5d5a47becfbb88961f9e00e2fb1e97f7

  • SHA512

    73517d82dac0df448f140446b4f96bed6e90cae084b4f74dbd6a9909c964b5a48e7b25db1bb5658a243b70ca5ef06a29f4f754a3db145c56ad1b5372e7130c00

  • SSDEEP

    12288:FZB6uktO8rEZbUINYxBJVKpQI7ZZh0SXfBgprEu2:Z6u6zrG2x8pRZxvqKu2

Malware Config

Extracted

Family

masslogger

Attributes

  • exfiltration_mode

    #SMTPEnabled

  • expire_time_date

    2025-02-19

  • host_password

    LILKOOLL14!

  • host_port

    587

  • host_receiver

    [email protected]

  • host_sender

    [email protected]

  • host_server

    webmail.dongjln.com

  • ssl_slate

    True

Targets

    • Target

      00130062025remitcopyScan003.exe

    • Size

      641KB

    • MD5

      8e321f0f25f7b483aeddb38d9c51e20f

    • SHA1

      89f440335180e2be33fe2cff269538bffd32f5e6

    • SHA256

      67013f5241d8466d3a9453a1b00cf28b4e34843eb23430dbffa941c8256995f5

    • SHA512

      ad498041b5a6fbab6d6ffc888f3e3a7fe72ed429ecbcae93d6a4e21008fe1c4a6a4ff17851f0577fe6058b0bd74e307bd7a6cd86c89fca2a353a392144e13cf7

    • SSDEEP

      12288:jMwC2L2cvdQql7eGi6yLKClZU8yWrvobbTxXTw9kdEG:jMwC2LXOI7erzvQb58qKG

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • Masslogger family

    • Accesses Microsoft Outlook profiles

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v16

Tasks