Extracted

Extracted

• • Target

    Enquiry_00039.exe

  • Size

    891KB

  • MD5

    04c44b60982c1ffe9261c5b331da73a9

  • SHA1

    3d64f7f3cf5de94c81f4fd7fb1471fda42f6f627

  • SHA256

    9cba273cb9f9c6425ff47def05ea9f968752db15ce9255319cfd4a38ccc92e61

  • SHA512

    286c3ed34b90909087a1f2f1134c340170b099d54cb5e4cb0288ec18e11729e54abe83ef3b8e7f1482d11d16231845c54f97970432e20fdad3ecdb6d8298f401

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2