Extracted

Extracted

Extracted

• • Target

    HSBC SWIFT 15072020_39458727759233665_PDF.exe

  • Size

    986KB

  • MD5

    b007c573d0a6e812ef0f6cae5257313e

  • SHA1

    00219a6275e0c00d40d16c0300198da565c1fb28

  • SHA256

    3361c4a361d30a3eba1ad9e92cbc72a7794882a99a88b994371eae262faca387

  • SHA512

    585e8a30e3124ad18593d2d048818297b50737dc9b53ff5d6b548f17555ba73e5f4bdba12a6711d205b070f8751021c9b1a6f2adc74e2912682ec794812e11a2

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2