Extracted

Extracted

• • Target

    New order (R.R) 1808202.exe

  • Size

    802KB

  • MD5

    26e0d9642410c40bc095fb579e4b2bc8

  • SHA1

    8b142703d79970003a0dfe108b3920a0181b97f2

  • SHA256

    a9f8d8a5503dca2d63d36e17041e6d065a6bf7bad41c000dd6d5a1e73d18d786

  • SHA512

    7a9bcab29cb487a8c7b8bc4bf12553504a8639cfb6108baee07e16d8a3abbde0614c4ed2f12f414370cc2395ee22b0c641c42ec40dc684c0935f12efddadb445

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2