Extracted

Extracted

• • Target

    inquiry specification.exe

  • Size

    1.1MB

  • MD5

    16c4321bc234cdab8a4d88ab7ec34dce

  • SHA1

    5d14eca7122d63f168dda48f6d93cdc74493d265

  • SHA256

    18e55619cb6c0b70275af3562d71f362114ac432ec97fbcd4ad8425113f6471a

  • SHA512

    d3d5277cdcca9c99a3a797bb0bbf68f2fcdf41efef540e5c445006ec2893bd6c240e620efd78ebe559f608d6423e03d57e161ca03da5e618f4a95a288e368c2a

  Score

  10^/10

  massloggercollectionevasionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Modifies visibility of file extensions in Explorer

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2