Extracted

• • Target

    20200818__0019499400199.xls.exe

  • Size

    882KB

  • MD5

    d4d7fe36e22fd879ffa8ce3cbf6de55d

  • SHA1

    ba2994af343adc732d36a0b5169a70c2b6bad115

  • SHA256

    b56dc20e7a6a6b86fb49f3802961cc8b21b75938af4de7bb55db894a8546246c

  • SHA512

    3049861d9196199227063db90811b8aa5e7a2835087590a9dc9b0f27d66b058e322bde602001a53f25f72dabdc2118ff98bcea004b09eff0cf1e882fd54d3ba1

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2