Extracted

Extracted

• • Target

    SCVT_PO7.EXE

  • Size

    1.1MB

  • MD5

    ff4d11fe8c488439082d8ab0b5bcae77

  • SHA1

    b7aa7159547add8201d3204b74ff637a78b0a4aa

  • SHA256

    e3b22f7b9f72b19b41dfe024803aeeaa88d0072a3e10a5bea82413285721c91b

  • SHA512

    90db98db5bd8adc3c03908c1ac01a9236387bbf4f2d113360639474f9b6a646eab325c3f1d0640f61f75a1a81228fa59ed01285c9f608b673f0947812e102f08

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2