Extracted

Extracted

• • Target

    PO5728113.exe

  • Size

    890KB

  • MD5

    38623164c45a19e8e2f9cebda4cf1acf

  • SHA1

    4efe968985abb6165e8d4891a0a2ff9dc022c2f6

  • SHA256

    61ec5ccd0f1a6f9ef49ca93d9ee6aab8bfcb85ff06a7e5056375dbc994304ae2

  • SHA512

    01de73669cc0e5fcdda8b5e4f41b9b9dd4c48357be4c70e0d1a714924e1238c9abfc007e6fa7d8da0ea0d015572db214d5a1e394e25716753fbcd11e5fe3fc65

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2