General

  • Target

    f850f8dbc4d481d6fe6357e4ecc67d2a576542a63c3ff3561b55905fa5e0786b

  • Size

    818KB

  • Sample

    220420-cl5axadbdl

  • MD5

    72159f6de42ef2d65fee42a31bbbfcee

  • SHA1

    0fa0a3ec1f1772cba492316866f578c5db09adbd

  • SHA256

    f850f8dbc4d481d6fe6357e4ecc67d2a576542a63c3ff3561b55905fa5e0786b

  • SHA512

    5daea2a9995b9330cd17a2c4676c6aa8eacf18f15f54919b406fdccc1bcbfc74f24ac3656c24dc33734db7e62a022448b767e626ca7faa6a31a4026b29852534

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.greenlifeturkey.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    life@2019

Targets

    • MassLogger

      MassLogger is a .NET credential stealer that harvests saved passwords from web browsers, email clients and cryptocurrency wallets, in this sample exfiltrating them over the SMTP account listed under Malware Config.

    • MassLogger Main Payload

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state; malware uses it to point a suspended thread at injected code, the core step of process hollowing and related injection techniques.
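The anti-analysis behaviours listed above (VirtualBox Guest Additions key, VMware Tools key, BIOS strings, drive enumeration from the registry, country-code lookup) can be reproduced against a registry snapshot so an analyst can see which artifacts of their own sandbox this sample would trip on. The following is an added example, not code from the report or from MassLogger; the BIOS, Disk\Enum and Geo key paths, the value names and the marker strings are assumed from common anti-VM checks rather than stated on this page, and the sample snapshot is constructed.

```python
"""Audit a registry snapshot for the VM/sandbox artifacts a MassLogger-style
stealer reads before running its payload (added example, assumptions noted)."""
import re

# The first two keys are the ones named in the report. The BIOS, disk and geo
# locations are the usual targets of "BIOS information", "connected drives" and
# "computer location" checks and are assumed here, not taken from the report.
VBOX_KEY = r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions"
VMWARE_KEY = r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System\BIOS"
DISK_ENUM_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"
GEO_KEY = r"HKCU\Control Panel\International\Geo"

# Vendor/product substrings that betray a hypervisor in BIOS strings or disk IDs.
VM_MARKERS = re.compile(r"vbox|virtualbox|vmware|qemu|xen|parallels|bochs|innotek", re.I)


def check_snapshot(snapshot, blocked_geoids=frozenset()):
    """snapshot: {key_path: {value_name: data}}. Returns the indicators that fire,
    in check order, so an empty list means the snapshot looks like bare metal."""
    hits = []
    if VBOX_KEY in snapshot:
        hits.append("virtualbox_guest_additions_key")
    if VMWARE_KEY in snapshot:
        hits.append("vmware_tools_key")
    bios = snapshot.get(BIOS_KEY, {})
    for name in ("SystemManufacturer", "SystemProductName", "BIOSVendor", "BIOSVersion"):
        if VM_MARKERS.search(str(bios.get(name, ""))):
            hits.append(f"bios:{name}={bios[name]}")
    # Disk\Enum stores one device ID per numbered value ("0", "1", ...).
    for value, data in snapshot.get(DISK_ENUM_KEY, {}).items():
        if value.isdigit() and VM_MARKERS.search(str(data)):
            hits.append(f"disk:{data}")
    # Geo\Nation holds the Windows GeoID of the configured country.
    nation = str(snapshot.get(GEO_KEY, {}).get("Nation", ""))
    if nation in blocked_geoids:
        hits.append(f"geofence:{nation}")
    return hits


def live_snapshot():
    """Read the same keys from the running Windows host (needs winreg, Windows only)."""
    import winreg
    roots = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snap = {}
    for path in (VBOX_KEY, VMWARE_KEY, BIOS_KEY, DISK_ENUM_KEY, GEO_KEY):
        root, sub = path.split("\\", 1)
        try:
            with winreg.OpenKey(roots[root], sub) as key:
                values, index = {}, 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, index)
                    except OSError:  # no more values
                        break
                    values[name] = data
                    index += 1
                snap[path] = values
        except OSError:  # key absent, which is what a hardened VM should show
            pass
    return snap


# Constructed snapshot resembling an unhardened VirtualBox analysis VM.
SAMPLE_VBOX_VM = {
    VBOX_KEY: {"Version": "6.1.32"},
    BIOS_KEY: {"SystemManufacturer": "innotek GmbH",
               "SystemProductName": "VirtualBox",
               "BIOSVendor": "innotek GmbH"},
    DISK_ENUM_KEY: {"Count": 1, "0": r"IDE\DiskVBOX_HARDDISK___1.0\5&1d4b7e9&0&0.0.0"},
    GEO_KEY: {"Nation": "244"},
}

if __name__ == "__main__":
    for hit in check_snapshot(SAMPLE_VBOX_VM, blocked_geoids={"244"}):
        print(hit)
```

Run `check_snapshot(live_snapshot())` on the analysis VM itself: every indicator it returns is an artifact the sample can use to decide not to run its payload, and the empty list is the target state for a hardened sandbox. Note that presence of the Guest Additions or VMware Tools key alone is enough for the first two checks; the sample does not need to read any value beneath them.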
