Extracted

Extracted

• • Target

    c9a8b16591a76cfdccc1a84fae7ec51c02e42e41e2ef8923319692cd2a4f65d0

  • Size

    3.6MB

  • MD5

    8a4242d7f73d7dcbebc6c64e56fdf8c7

  • SHA1

    b974408e0879b1a2bce0bb9b95e6191d83f64ca2

  • SHA256

    c9a8b16591a76cfdccc1a84fae7ec51c02e42e41e2ef8923319692cd2a4f65d0

  • SHA512

    405eab4cad3965f225fb4e34cd877aeedf1e9f860c0f515f368b55b7d7d9a52e3806b737ef5dcb382a62ca815b788b0f3fa603fa8e7de47bc02cc6559110a258

  Score

  10^/10

  massloggercollectionpersistenceransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2