Extracted

Extracted

• • Target

    e0233e3d234ae8b8eb6b8ca9c9c786ebfe8ae0adebd67fde7221dee9702269b9

  • Size

    1.2MB

  • MD5

    d6c097f46ec91b48fa94cad04d05b8b4

  • SHA1

    04eee12d1b239ec861980d2dd84534fa4e379795

  • SHA256

    e0233e3d234ae8b8eb6b8ca9c9c786ebfe8ae0adebd67fde7221dee9702269b9

  • SHA512

    d4edd019a60b6f681208bfaef7517a6a299887c98fcc91f85aeb24ccdf8a7ec2dd4dfe1215f7628f4dfd5f0d5eee5d49ae4be61c6ccf239c7eb54da7652c890b

  Score

  10^/10

  massloggercollectionpersistenceransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2