Extracted

Extracted

Extracted

• • Target

    AMG-017-PR-2020.exe

  • Size

    907KB

  • MD5

    6f5190a7c7a0a14b5af3ffe16b93bb37

  • SHA1

    b81f28c015a1469657126c01e802d33b8d63e4f9

  • SHA256

    e96e191e65ba59a45f7b491b23588a0d6ed50d5ada789b54a6e531dcddbb1221

  • SHA512

    9631a3909bdc7c19eafc5327f5e9374a55603235b8312275d81ce634face70014824efefe0ab55bf2acfd46668f6f554ad9957eb1d79a081c3581700cfe1a3a5

  Score

  10^/10

  massloggercollectionransomwarerezer0spywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2