Extracted

• • Target

    e6a761525b8d1ac1845cd704f591e73a3480748e81cad83a40b9efd30978e8eb

  • Size

    1.0MB

  • MD5

    b2ecd0827c748d1490c9ffcadd299003

  • SHA1

    3de57cc0018c961880fc08bd0e9f4c23095dfe25

  • SHA256

    e6a761525b8d1ac1845cd704f591e73a3480748e81cad83a40b9efd30978e8eb

  • SHA512

    d969c9c7b91d064d49489fc07a94f59e90cbfccab13b5422a15166ca7011ff2c35cd997a34e3d41aaaafd23bbbfa95d8f29f9dac16c6f6a456fedb0b72685738

  Score

  10^/10

  massloggercollectionspywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2