Extracted

Extracted

• • Target

    PO NOAB1088 -890998767909766.pif.exe

  • Size

    813KB

  • MD5

    f81dcda90d66e0f8b298be8f34d3025f

  • SHA1

    f292fe84bafd9b383fd3821bd199766a68a332e6

  • SHA256

    2c58586fa63f30484f632c92f18ee119950537c49e956f5b185bb5de21585ab6

  • SHA512

    e6d2c35f936fedc2829ad78c0a8ec9f9f427c915f3f539a08f59e4a2eaf0a65b3871000871030fbeca4d71e707da3ba3959c0ac0734e8b6dd7217652cb96004b

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2