General

  • Target: 4b835db3e98b6d97d16c9d3929b770108e7ca059293fb29b11eff5958ef3a019
  • Size: 1.1MB
  • Sample: 220415-a3x7taaag2
  • MD5: 8cee55a43ab91a8e4960a516760faf1b
  • SHA1: bf1647c3a0c22b2bd408638cd6eea7146e8fa45a
  • SHA256: 4b835db3e98b6d97d16c9d3929b770108e7ca059293fb29b11eff5958ef3a019
  • SHA512: fb572c0fb55a64adcbf7545210f589024452354f98b0251d75f88a34ecf08a1f741b678bbbd601c98eb4558089b882ed6fc4ac07f708018837b6269f0f9a88a8

Malware Config

Extracted

Credentials

  • Protocol: smtp
  • Host: mail.paminakids.com
  • Port: 587
  • Username: [email protected]
  • Password: nRBy874S437

Targets

    • Target: 4b835db3e98b6d97d16c9d3929b770108e7ca059293fb29b11eff5958ef3a019

    • MassLogger

      MassLogger is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.

    • MassLogger Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks