Extracted

Extracted

• • Target

    b9d5200302ab75b343ea934c8993066e5e414d75201edec551d3e4852b872bd9

  • Size

    2.0MB

  • MD5

    b98d51b689e39cc95a22bcd79f678260

  • SHA1

    9d127c0a223f191b8c640fccdaef0d23e8f85d6b

  • SHA256

    b9d5200302ab75b343ea934c8993066e5e414d75201edec551d3e4852b872bd9

  • SHA512

    6989829315ebc0bad5fa66b8ae57d498c0a2e5a4cc789a6ef189c42436131f486eff1c92e8352b2ce77186a096bb6674e92391da434416c56febbfb4f42326d8

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2