General

  • Target

    PO-01072025.exe

  • Size

    1.0MB

  • Sample

    250701-f44c4ssms3

  • MD5

    76cecc49da8400dcd44ea884c92bc052

  • SHA1

    6c268063661bc14daf3667493e14a65cc1645bba

  • SHA256

    b4fe619f5239cfca234c53e50595b86fc5c150757b25035f123e61a52d2b68a4

  • SHA512

    ca55c8e747a53604fd08922d1607a64b9afb6b91224b94eda63bced2dc2ca704044e801430fe4916687817ac8d4e61e6525a157f8a08ee1b9adbca3727d161ac

  • SSDEEP

    24576:85EmXFtKaL4/oFe5T9yyXYfP1ijXdaWtIUQ4zL:8PVt/LZeJbInQRaW

Malware Config

Extracted

Family

masslogger

Attributes
  • exfiltration_mode

    #SMTPEnabled

  • expire_time_date

    2025-07-17

  • host_password

    GovnoBoziA6

  • host_port

    25

  • host_receiver

    [email protected]

  • host_sender

    [email protected]

  • host_server

    mail.mpsv-hnz-k.ba

  • ssl_slate

    True

Targets

    • Target

      PO-01072025.exe

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • Masslogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
