Extracted

• • Target

    0c88fe3c8c89f147793600dc852e380edf17219d55c84d9894420659ff81b6b7

  • Size

    801KB

  • MD5

    acdf6a1ba69a3c47c10b477aca7573f8

  • SHA1

    be7033f5e7ad87f70decc0d72dbce2a483f5852e

  • SHA256

    0c88fe3c8c89f147793600dc852e380edf17219d55c84d9894420659ff81b6b7

  • SHA512

    716810fba0d37906c9f8309c64a45f51764679c7c8a3c46df978aa94c82fc1708e9e04b478ead684ce07ae328790eb8ae4234f269aa57df4cdeaa9273b9d5859

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2