General

  • Target

    ad35600b7390c8cb353fe9c623eb71df7fe0badbe2ae358b61a42b031b6e921b

  • Size

    784KB

  • Sample

    220502-w9dyeafgbq

  • MD5

    522a792f04d1da15ac115413b4fd93fa

  • SHA1

    8ccbfc0cda92612e323cf17ac9df77e12fa40ace

  • SHA256

    ad35600b7390c8cb353fe9c623eb71df7fe0badbe2ae358b61a42b031b6e921b

  • SHA512

    73419a54c901169841099947d603bad7af811fd37fc2c5c01fcd5de74d18b03f7f817c6bae94dcb5096bcf939c3e1b9fede30d96f133863c77dfb25511c83da6

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.sidecrown.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    scp123as

Targets

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    • MassLogger Main Payload

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext
