Extracted

• • Target

    001b14d21f1f99aae9ae6b365482be3cd75568e33a8af6aba36d148129ac19dc

  • Size

    1.1MB

  • MD5

    517572f5a978bee6c537f4cca48e2cbe

  • SHA1

    686d6a30d18c92b800b9737ba917df4959081fee

  • SHA256

    001b14d21f1f99aae9ae6b365482be3cd75568e33a8af6aba36d148129ac19dc

  • SHA512

    28eafec1ff1e423b4abd9ab1c2134822e1472710b73d15a5fcaf634a37cb3bcc9a6cb614d989a89bf18fc141429873d9db28aac11cc0d92372fbaeff9547e50e

  Score

  10^/10

  massloggercoreentityransomwarerezer0spywarestealer

  • CoreEntity .NET Packer

    A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

    coreentity

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2