Extracted

Extracted

• • Target

    Purchasing Doc_ 6000019430..exe

  • Size

    993KB

  • MD5

    fce148c087a107f4303263e32f0b312c

  • SHA1

    3a48f7ad6216076ee6f9a07d80f632044d663e50

  • SHA256

    a654772e801683ef8639985af05c8845d16ab48df5c6a8e65d014251692d73d2

  • SHA512

    4da468ca91e395d1446fc75cd04a2ba80b32e3f4e955a7d6d90915328ffc52e51949b9c002aa7a6df68817128ed9f0061e4039bc124dcfc77d24632a8c55b144

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2