Extracted

• • Target

    PO31909704_1.exe

  • Size

    788KB

  • MD5

    4425e6eccd87b5f867f0e8591b869c6c

  • SHA1

    1c84f8ae03b5c314e64caec354130c4e9adc3974

  • SHA256

    3e57aaffcd5dfe4c6487c73f7c457865405070f276efab07164f30be4741e733

  • SHA512

    48aee6277d3bc33c3024f6c0fb3f889970bc80725af65995be71e9a78041a917b09c0945042b0704e8a4d7ed4db85af6213fbfc9335336596026013826dc2eb7

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2