Extracted

• • Target

    f487db26e46dc5067bca06003759d119dae50ff6c527a8c68fc01d73f41f4a64

  • Size

    1.2MB

  • MD5

    93691c5a4445ff293229299f17d4c1f9

  • SHA1

    d35793248343061d6b01718838de0023e8b20295

  • SHA256

    f487db26e46dc5067bca06003759d119dae50ff6c527a8c68fc01d73f41f4a64

  • SHA512

    a6bfd4e26771ad0e38ff20052cf9f3535185e4ec60d162a3c143f178ae679b55ff4d93b82a2b8e3a01937db4243af235d142ba9465288e34a79efc15b047b1e9

  Score

  10^/10

  massloggerransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2