Overview

overview

10

Static

static

DHL Shipme...41.exe

windows7_x64

10

DHL Shipme...41.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4ec753e5cafab6f687a4cda65a4509d3ecf15d4ea1bbd990e671ed00d66cbb8f

  • Size

    816KB

  • Sample

    220521-avsmcsdggl

  • MD5

    1b726e496f818e33c96f6f1f3467baff

  • SHA1

    0beceaec37e1cc92fb4b394c6f96c5c39b4ce882

  • SHA256

    4ec753e5cafab6f687a4cda65a4509d3ecf15d4ea1bbd990e671ed00d66cbb8f

  • SHA512

    c024e556dd7d53ad6a799f169071a49e1a06cdf57aec354153c5b641c3387b0053eb5f744ba1cd73ce3f0138c9735f3161981466668f2330a879717f0527ed8c

Score
10/10
massloggercollectionransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
<|| v2.4.0.0 ||> User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:45:18 AM MassLogger Started: 5/21/2022 2:45:09 AM Interval: 1 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes: <|| WD Exclusion ||> Disabled <|| Binder ||> Disabled <|| Downloader ||> Disabled <|| Window Searcher ||> Disabled <|| Bot Killer ||> Disabled <|| Search And Upload ||> Disabled <|| Telegram Desktop ||> Not Installed <|| Pidgin ||> Not Installed <|| FileZilla ||> Not Installed <|| Discord Tokken ||> Not Installed <|| NordVPN ||> Not Installed <|| Outlook ||> Not Installed <|| FoxMail ||> Not Installed <|| Thunderbird ||> Not Installed <|| FireFox ||> Not Found <|| QQ Browser ||> Not Installed <|| Chromium Recovery ||> Not Installed or Not Found <|| Keylogger And Clipboard ||> Disabled

Extracted

Path

C:\Users\Admin\AppData\Local\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
<|| v2.4.0.0 ||> User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:45:17 AM MassLogger Started: 5/21/2022 2:45:09 AM Interval: 1 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes: <|| WD Exclusion ||> Disabled <|| Binder ||> Disabled <|| Downloader ||> Disabled <|| Window Searcher ||> Disabled <|| Bot Killer ||> Disabled <|| Search And Upload ||> Disabled <|| Telegram Desktop ||> Not Installed <|| Pidgin ||> Not Installed <|| FileZilla ||> Not Installed <|| Discord Tokken ||> Not Installed <|| NordVPN ||> Not Installed <|| Outlook ||> Not Installed <|| FoxMail ||> Not Installed <|| Thunderbird ||> Not Installed <|| FireFox ||> Not Found <|| QQ Browser ||> Not Installed <|| Chromium Recovery ||> Not Installed or Not Found <|| Keylogger And Clipboard ||> Disabled

Extracted

Path

C:\Users\Admin\AppData\Local\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
<|| v2.4.0.0 ||> User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:45:30 AM MassLogger Started: 5/21/2022 2:45:23 AM Interval: 1 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes: <|| WD Exclusion ||> Disabled <|| Binder ||> Disabled <|| Window Searcher ||> Disabled <|| Bot Killer ||> Disabled <|| Downloader ||> Disabled <|| Search And Upload ||> Disabled <|| Telegram Desktop ||> Not Installed <|| Pidgin ||> Not Installed <|| FileZilla ||> Not Installed <|| Discord Tokken ||> Not Installed <|| NordVPN ||> Not Installed <|| Outlook ||> Not Installed <|| FoxMail ||> Not Installed <|| Thunderbird ||> Not Installed <|| FireFox ||> Not Found <|| QQ Browser ||> Not Installed <|| Chromium Recovery ||> Not Installed or Not Found <|| Keylogger And Clipboard ||> Disabled

Extracted

Path

C:\Users\Admin\AppData\Local\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
<|| v2.4.0.0 ||> User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:45:39 AM MassLogger Started: 5/21/2022 2:45:32 AM Interval: 1 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes: Name:WerFault, Title:Microsoft .NET Assembly Registration Utility <|| WD Exclusion ||> Disabled <|| Binder ||> Disabled <|| Downloader ||> Disabled <|| Window Searcher ||> Disabled <|| Bot Killer ||> Disabled <|| Search And Upload ||> Disabled <|| Telegram Desktop ||> Not Installed <|| Pidgin ||> Not Installed <|| FileZilla ||> Not Installed <|| Discord Tokken ||> Not Installed <|| NordVPN ||> Not Installed <|| Outlook ||> Not Installed <|| FoxMail ||> Not Installed <|| Thunderbird ||> Not Installed <|| FireFox ||> Not Found <|| QQ Browser ||> Not Installed <|| Chromium Recovery ||> Not Installed or Not Found <|| Keylogger And Clipboard ||> Disabled

Extracted

Path

C:\Users\Admin\AppData\Local\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
<|| v2.4.0.0 ||> User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:45:58 AM MassLogger Started: 5/21/2022 2:45:51 AM Interval: 1 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes: Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility <|| WD Exclusion ||> Disabled <|| Binder ||> Disabled <|| Downloader ||> Disabled <|| Window Searcher ||> Disabled <|| Bot Killer ||> Disabled <|| Search And Upload ||> Disabled <|| Telegram Desktop ||> Not Installed <|| Pidgin ||> Not Installed <|| FileZilla ||> Not Installed <|| Discord Tokken ||> Not Installed <|| NordVPN ||> Not Installed <|| Outlook ||> Not Installed <|| FoxMail ||> Not Installed <|| Thunderbird ||> Not Installed <|| FireFox ||> Not Found <|| QQ Browser ||> Not Installed <|| Chromium Recovery ||> Not Installed or Not Found <|| Keylogger And Clipboard ||> Disabled

Extracted

Path

C:\Users\Admin\AppData\Local\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
<|| v2.4.0.0 ||> User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:46:00 AM MassLogger Started: 5/21/2022 2:45:52 AM Interval: 1 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes: Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility <|| WD Exclusion ||> Disabled <|| Binder ||> Disabled <|| Downloader ||> Disabled <|| Window Searcher ||> Disabled <|| Bot Killer ||> Disabled <|| Search And Upload ||> Disabled <|| Telegram Desktop ||> Not Installed <|| Pidgin ||> Not Installed <|| FileZilla ||> Not Installed <|| Discord Tokken ||> Not Installed <|| NordVPN ||> Not Installed <|| Outlook ||> Not Installed <|| FoxMail ||> Not Installed <|| Thunderbird ||> Not Installed <|| FireFox ||> Not Found <|| QQ Browser ||> Not Installed <|| Chromium Recovery ||> Not Installed or Not Found <|| Keylogger And Clipboard ||> Disabled

Extracted

Path

C:\Users\Admin\AppData\Local\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
<|| v2.4.0.0 ||> User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:46:07 AM MassLogger Started: 5/21/2022 2:46:01 AM Interval: 1 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes: Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility <|| WD Exclusion ||> Disabled <|| Binder ||> Disabled <|| Downloader ||> Disabled <|| Bot Killer ||> Disabled <|| Window Searcher ||> Disabled <|| Search And Upload ||> Disabled <|| Telegram Desktop ||> Not Installed <|| Pidgin ||> Not Installed <|| FileZilla ||> Not Installed <|| Discord Tokken ||> Not Installed <|| NordVPN ||> Not Installed <|| Outlook ||> Not Installed <|| FoxMail ||> Not Installed <|| Thunderbird ||> Not Installed <|| FireFox ||> Not Found <|| QQ Browser ||> Not Installed <|| Chromium Recovery ||> Not Installed or Not Found <|| Keylogger And Clipboard ||> Disabled

Extracted

Path

C:\Users\Admin\AppData\Local\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
<|| v2.4.0.0 ||> User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:46:10 AM MassLogger Started: 5/21/2022 2:46:03 AM Interval: 1 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes: Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility <|| WD Exclusion ||> Disabled <|| Binder ||> Disabled <|| Window Searcher ||> Disabled <|| Bot Killer ||> Disabled <|| Downloader ||> Disabled <|| Search And Upload ||> Disabled <|| Telegram Desktop ||> Not Installed <|| Pidgin ||> Not Installed <|| FileZilla ||> Not Installed <|| Discord Tokken ||> Not Installed <|| NordVPN ||> Not Installed <|| Outlook ||> Not Installed <|| FoxMail ||> Not Installed <|| Thunderbird ||> Not Installed <|| FireFox ||> Not Found <|| QQ Browser ||> Not Installed <|| Chromium Recovery ||> Not Installed or Not Found <|| Keylogger And Clipboard ||> Disabled

Extracted

Path

C:\Users\Admin\AppData\Local\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
<|| v2.4.0.0 ||> User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:46:11 AM MassLogger Started: 5/21/2022 2:46:05 AM Interval: 1 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes: Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility <|| WD Exclusion ||> Disabled <|| Binder ||> Disabled <|| Downloader ||> Disabled <|| Bot Killer ||> Disabled <|| Window Searcher ||> Disabled <|| Search And Upload ||> Disabled <|| Telegram Desktop ||> Not Installed <|| Pidgin ||> Not Installed <|| FileZilla ||> Not Installed <|| Discord Tokken ||> Not Installed <|| NordVPN ||> Not Installed <|| Outlook ||> Not Installed <|| FoxMail ||> Not Installed <|| Thunderbird ||> Not Installed <|| FireFox ||> Not Found <|| QQ Browser ||> Not Installed <|| Chromium Recovery ||> Not Installed or Not Found <|| Keylogger And Clipboard ||> Disabled

Extracted

Path

C:\Users\Admin\AppData\Local\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note
<|| v2.4.0.0 ||> User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 2:46:28 AM MassLogger Started: 5/21/2022 2:46:20 AM Interval: 1 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes: Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility Name:WerFault, Title:Microsoft .NET Assembly Registration Utility <|| WD Exclusion ||> Disabled <|| Binder ||> Disabled <|| Downloader ||> Disabled <|| Window Searcher ||> Disabled <|| Bot Killer ||> Disabled <|| Search And Upload ||> Disabled <|| Telegram Desktop ||> Not Installed <|| Pidgin ||> Not Installed <|| FileZilla ||> Not Installed <|| Discord Tokken ||> Not Installed <|| NordVPN ||> Not Installed <|| Outlook ||> Not Installed <|| FoxMail ||> Not Installed <|| Thunderbird ||> Not Installed <|| FireFox ||> Not Found <|| QQ Browser ||> Not Installed <|| Chromium Recovery ||> Not Installed or Not Found <|| Keylogger And Clipboard ||> Disabled

Targets

    • Target

      DHL Shipment 7348255141.exe

    • Size

      1.0MB

    • MD5

      ec1721ef86c0f91cb52081731624f00b

    • SHA1

      3e7900979980b88607b51f0a39faaaab5778eb6f

    • SHA256

      c3678d87151b21e6a29ded035522c1c22950f97787e45b3df2dba52a4e688c97

    • SHA512

      2fc3b09e286e427bd11ea822c3a55fce71c161b9cd1c8ab268eaa4214fcde3cfd73e54659c9fb3ea76d28145099811a9a30fcbf32f28e5cb6172afa0709d9f5b

    Score
    10/10
    massloggercollectionransomwarespywarestealer

    • MassLogger

      Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

      stealerspywaremasslogger

    • MassLogger Main Payload

    • MassLogger log file

      Detects a log file produced by MassLogger.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks