Extracted

Extracted

• • Target

    PO4500015946.exe

  • Size

    1.0MB

  • MD5

    382276d6658a59ab571cf5c314733990

  • SHA1

    64d83a925e1a791f906d907b5094a913cc4d24a4

  • SHA256

    fc03d41d9bac8d78e1d829039f24f2f7066ded44a70c4126045c553015bbe957

  • SHA512

    4d3a224946704bb6f5b7ff5a6a8ed9994bb55f25982f4838b2f2c298a9a34575d86e1efcaabaffbf1dd7fe41464f6a4f0765ed52e09e19815c924095c077a733

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2