Extracted

• • Target

    BL_0003.exe

  • Size

    813KB

  • MD5

    e62ddd8facfe9707b2f56fd60bb09266

  • SHA1

    7c3e04a6eb2252a38b50b237ba201114bdfaf346

  • SHA256

    eb3d6a6bfec90855240b6e239a10d283ecf13b118e9b769e2f4100b3eec76a12

  • SHA512

    50022648bc29f6cdcb20a6e640848908d35785e463056efbfc06e2666b1015589e156b4a82dd25c33252d566d638f2ab0f0e059ce36f58e2f84e02d0b382224e

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2