Extracted

Extracted

• • Target

    19c5d6ab953cd04cf91ba1370f14d527cf89de375c8a340ce3e34ef777cba84e

  • Size

    942KB

  • MD5

    291d775d55a75bb207922bf0d28ce052

  • SHA1

    50e259313a63370304c62d9b68b74152a08ef123

  • SHA256

    19c5d6ab953cd04cf91ba1370f14d527cf89de375c8a340ce3e34ef777cba84e

  • SHA512

    cd8e88564edb628714d0fcee6f01da1df21497ebd8015054678b7d46a379a4fa67b57866dfa34d71da80b336d9693623ce21edc2d18d69e9760f41a7d6df90b6

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2