Extracted

Extracted

• • Target

    PO_#21005_31_7_2020.exe

  • Size

    921KB

  • MD5

    16a56c09177049c41b257c9ddb40f752

  • SHA1

    8f296b76a6aa047df1b9079781ec5e5b2f9dd33b

  • SHA256

    911487d7a2f529a62f18bb148dada4366bab2a1d8d4a240133674b2790dfef30

  • SHA512

    80d7091768cc6a2ba4aeb9d66d56555b59e82694bb94a2403916f278dd47d8b4247079bb5100f1f65baa0a829378a5808de4abf8631400bb693e4316dcf590e3

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2