Extracted

Extracted

• • Target

    Cargo Group México - Solicitud del cliente 00235271-SKBMT-07-17-2020-115-DD3343.exe

  • Size

    1.4MB

  • MD5

    e4ebcde6c3e0f57dc68646345050c95d

  • SHA1

    a58b89b55f0dde1d1fc516f0ab33f54b4b77fe8c

  • SHA256

    ccbd3a0bf6f5ee155b8a270c65376ddf83f220dd044b44f7debebb3f76fecbca

  • SHA512

    282ea016a680d3c5228de36d6089a490d44f022567ae3bf5bafef829bcfb6481432245f499f42ae89d973b0d5d2104266d4b63aaca6d8995a839319c05c80d27

  Score

  10^/10

  massloggeragilenetcollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2