Extracted

Extracted

Extracted

• • Target

    Revised Invoice Climax .exe

  • Size

    850KB

  • MD5

    a8ed22767227400f4fb7bf2a19b2baea

  • SHA1

    1621e5246a62157f1ce424c0009e5e4c8bf367d2

  • SHA256

    9438029220db8ca0eceabb6d576917ebce7b30db2eb9ca8e52a85b089c040a9b

  • SHA512

    2e0e5aa6a01f2e04d0ea1938ed5313c4c400a24944f006e8aaa5f90b41cc80499de0aaa1329ca1eaddbc11f413fc0d3e0da8c52a99736c017ae48ba86dad1fac

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2