Extracted

Extracted

• • Target

    NEWSC9 28TH PO.exe

  • Size

    1020KB

  • MD5

    b543a797b74341bf5d8f52b04e7a3141

  • SHA1

    d2b67094fc02aa9f70c7e6c015be86797e38d5f0

  • SHA256

    2467434b0ac840b5f4dfa8ac3bc14ac9ee6004e7b71bfd3303ab62b6345f0c62

  • SHA512

    74dcf634733c2841715e094868e1b651faf962e242591dc35a6a60428d12c2931a93ce82ac4c556158850ce22dd117bddf6f53f46487ad442359535453448bcd

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2