General

Target: ad9531ac0a498dc0d2ac79efb50a24be5d5a47becfbb88961f9e00e2fb1e97f7
Size: 534KB
Sample: 250630-t6thkshn4v
MD5: c5f914c340776bb82eff39e200d678aa
SHA1: 7d385ec2bf1140787ecdc4d05a9d0da1087ad28f
SHA256: ad9531ac0a498dc0d2ac79efb50a24be5d5a47becfbb88961f9e00e2fb1e97f7
SHA512: 73517d82dac0df448f140446b4f96bed6e90cae084b4f74dbd6a9909c964b5a48e7b25db1bb5658a243b70ca5ef06a29f4f754a3db145c56ad1b5372e7130c00
SSDEEP: 12288:FZB6uktO8rEZbUINYxBJVKpQI7ZZh0SXfBgprEu2:Z6u6zrG2x8pRZxvqKu2
Static task: static1
Behavioral task: behavioral1
Sample: 00130062025remitcopyScan003.exe
Resource: win10v2004-20250610-en
Malware Config

Extracted: masslogger
exfiltration_mode: #SMTPEnabled
expire_time_date: 2025-02-19
host_password: LILKOOLL14!
host_port: 587
host_receiver: (empty)
host_sender: (empty)
host_server: webmail.dongjln.com
ssl_slate: True
Targets

Target: 00130062025remitcopyScan003.exe
Size: 641KB
MD5: 8e321f0f25f7b483aeddb38d9c51e20f
SHA1: 89f440335180e2be33fe2cff269538bffd32f5e6
SHA256: 67013f5241d8466d3a9453a1b00cf28b4e34843eb23430dbffa941c8256995f5
SHA512: ad498041b5a6fbab6d6ffc888f3e3a7fe72ed429ecbcae93d6a4e21008fe1c4a6a4ff17851f0577fe6058b0bd74e307bd7a6cd86c89fca2a353a392144e13cf7
SSDEEP: 12288:jMwC2L2cvdQql7eGi6yLKClZU8yWrvobbTxXTw9kdEG:jMwC2LXOI7erzvQb58qKG

- Guloader family
- MassLogger
  Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
- Masslogger family
- Accesses Microsoft Outlook profiles
  Outlook profiles are stored under the current user's registry hive (Office and Windows Messaging Subsystem profile keys) and can contain saved mail account credentials, which is why stealers read them.
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
  A thread is created with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag, so an attached debugger never receives events from it.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  NtSetInformationThread is called with the ThreadHideFromDebugger information class, which stops the calling thread from delivering debug events to an attached debugger; both calls are common anti-analysis tricks.
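The signature names above say what was seen but not which call arguments trigger them. The following is an added example, not part of the sandbox report or its tooling: a small detector that applies the same logic to an API call trace. The trace line format, the IP lookup host list and the sample lines are constructed for illustration; the thread constants are the documented Windows values (ThreadHideFromDebugger = 0x11, THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4), and the exfiltration host and port come from the extracted config above.

```python
import re
from typing import Dict, List, Optional

# Documented Windows constants (not taken from the report)
THREAD_HIDE_FROM_DEBUGGER = 0x11               # THREADINFOCLASS for NtSetInformationThread
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4   # CreateFlags bit for NtCreateThreadEx

# Public IP lookup services (assumed list; the report does not name the one used)
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me", "ip-api.com"}

# Registry locations of Outlook profiles, lower-cased for substring matching
OUTLOOK_PROFILE_KEYS = (
    r"\software\microsoft\office\16.0\outlook\profiles",
    r"\software\microsoft\windows nt\currentversion\windows messaging subsystem\profiles",
)

# Exfiltration endpoint from the extracted MassLogger config on this page
CONFIG = {"host_server": "webmail.dongjln.com", "host_port": 587}

# Constructed trace format: "<pid> <api> key=value key="quoted value" ..."
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s*(?P<args>.*)$")
ARG_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample trace: one process doing each of the flagged behaviours,
# plus a benign NtSetInformationThread (class 0x2 = ThreadPriority) that must not fire
SAMPLE_TRACE = r"""
2964 NtSetInformationThread ThreadHandle=0xfffffffe ThreadInformationClass=0x11 ThreadInformation=0x0 ThreadInformationLength=0
2964 NtCreateThreadEx ProcessHandle=0xffffffff CreateFlags=0x4 StartRoutine=0x401000
2964 NtOpenKey ObjectName="\REGISTRY\USER\S-1-5-21-1-2-3-1001\Software\Microsoft\Office\16.0\Outlook\Profiles" DesiredAccess=0x20019
2964 GetAddrInfoW host=api.ipify.org
2964 connect host=webmail.dongjln.com port=587
2964 NtSetInformationThread ThreadHandle=0xfffffffe ThreadInformationClass=0x2 ThreadInformation=0x0 ThreadInformationLength=4
"""


def parse_line(line: str) -> Optional[dict]:
    """Split one trace line into pid, api name and an argument dict; None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    args = {k: v.strip('"') for k, v in ARG_RE.findall(m.group("args"))}
    return {"pid": int(m.group("pid")), "api": m.group("api"), "args": args}


def _num(value: str) -> int:
    """Parse a decimal or 0x-prefixed integer argument; non-numeric values count as 0."""
    try:
        return int(value, 0)
    except ValueError:
        return 0


def classify(call: dict) -> List[str]:
    """Return the signature names triggered by a single API call."""
    api, a = call["api"], call["args"]
    hits = []
    if api == "NtSetInformationThread" and _num(a.get("ThreadInformationClass", "0")) == THREAD_HIDE_FROM_DEBUGGER:
        hits.append("Suspicious use of NtSetInformationThreadHideFromDebugger")
    if api == "NtCreateThreadEx" and _num(a.get("CreateFlags", "0")) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER:
        hits.append("Suspicious use of NtCreateThreadExHideFromDebugger")
    if api in ("NtOpenKey", "NtOpenKeyEx", "RegOpenKeyExW"):
        path = a.get("ObjectName", "").lower()
        if any(key in path for key in OUTLOOK_PROFILE_KEYS):
            hits.append("Accesses Microsoft Outlook profiles")
    host = a.get("host", "").lower()
    if api in ("GetAddrInfoW", "getaddrinfo") and host in IP_LOOKUP_HOSTS:
        hits.append("Looks up external IP address via web service")
    if api == "connect" and host == CONFIG["host_server"] and _num(a.get("port", "0")) == CONFIG["host_port"]:
        hits.append("SMTP connection to configured exfiltration host")
    return hits


def scan(lines) -> Dict[str, List[int]]:
    """Map each triggered signature to the sorted list of PIDs that triggered it."""
    findings: Dict[str, set] = {}
    for line in lines:
        call = parse_line(line)
        if call is None:
            continue
        for sig in classify(call):
            findings.setdefault(sig, set()).add(call["pid"])
    return {sig: sorted(pids) for sig, pids in findings.items()}


if __name__ == "__main__":
    for sig, pids in scan(SAMPLE_TRACE.splitlines()).items():
        print(f"{sig}: pids {pids}")
```

The two thread checks are the ones worth copying into real tooling: the information class and the CreateFlags bit are fixed values, so they match regardless of how the loader obfuscates its imports, whereas the host and registry lists are only as good as what you put in them.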