General
-
Target
PO-01072025.exe
-
Size
1.0MB
-
Sample
250701-f3fwessl18
-
MD5
76cecc49da8400dcd44ea884c92bc052
-
SHA1
6c268063661bc14daf3667493e14a65cc1645bba
-
SHA256
b4fe619f5239cfca234c53e50595b86fc5c150757b25035f123e61a52d2b68a4
-
SHA512
ca55c8e747a53604fd08922d1607a64b9afb6b91224b94eda63bced2dc2ca704044e801430fe4916687817ac8d4e61e6525a157f8a08ee1b9adbca3727d161ac
-
SSDEEP
24576:85EmXFtKaL4/oFe5T9yyXYfP1ijXdaWtIUQ4zL:8PVt/LZeJbInQRaW
Static task
static1
Behavioral task
behavioral1
Sample
PO-01072025.exe
Resource
win10v2004-20250619-en
Behavioral task
behavioral2
Sample
PO-01072025.exe
Resource
win11-20250619-en
Malware Config
Extracted
masslogger
-
exfiltration_mode
#SMTPEnabled
-
expire_time_date
2025-07-17
-
host_password
GovnoBoziA6
-
host_port
25
- host_receiver
- host_sender
-
host_server
mail.mpsv-hnz-k.ba
-
ssl_slate
True
Targets
-
-
Target
PO-01072025.exe
-
Score
10/10
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
Masslogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-