Extracted

Extracted

• • Target

    DHL ARRIVAL SHIPMENT PRE-ALERT.exe

  • Size

    1.0MB

  • MD5

    d66436765b3cb3dc1a97beab0c6c7ae2

  • SHA1

    bb5f32c172af5efd89c25960bed8edc76467a9b9

  • SHA256

    dc05645067f3f3ccf6a4e647dcf935c928fd981ef904672603a7ab409488166e

  • SHA512

    5591c88812f92ce11bbc87c01dceba3de905c5b7473582f2eb58f91929da4baf1bf44b5beb025d97027b85152969a64ef9c680881e4f30f7ac3a58a4e707e8a3

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2