Extracted

Extracted

Extracted

• • Target

    Zona Industrial.exe

  • Size

    614KB

  • MD5

    b19684558dec68ee45b19b99ff06244c

  • SHA1

    90025801b69b7bfc7b6ccc231e3a767276aa164a

  • SHA256

    ec8e1726c79994f38b1137b7652d7e31eea1ac4c9edc32ddb0888bb31b138fed

  • SHA512

    6020a275d55dfbb2eba8b3c7cb8fedf97e3d1e7b647bd6b4ed1a9813f96269f187ba3f1bb2f5ece270a12ded8dee5ee7c8cedee4aecf0bac292b7b449744c306

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2