Extracted

• • Target

    SWIFT_30032131300221547_0029938344.exe

  • Size

    1021KB

  • MD5

    224dfa794a92c3129e790f211bc1fe37

  • SHA1

    735ea8cd7357f40216da74736e65a0159b4c7fd7

  • SHA256

    a05377124fe9f9a262ddb1b58d2eac7556299ec686bf5c2f005bd4792131a3c8

  • SHA512

    49fe47f66fb4a21c2d21f9161462968181984213deef7c759fec6bc6852bca05f8fa6a92c02bf5437732eb4db1c63ad2bd4320ff631faff6678a56d74414fc39

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2