Extracted

• • Target

    May Strict Order_7PrZEOy90VLPJsk.exe

  • Size

    886KB

  • MD5

    801c3f792d035b5c1603aa249a468d3a

  • SHA1

    845a034eaf4086d1b3200fae50fc7f87071a388f

  • SHA256

    3ab173f1c673d450f1f9640193efc87c76e64687e4c43ea0024287c875cde792

  • SHA512

    4f94663d39fda1081c182b199dcd35abdc845b580a5c73ede50f979aa089d3b5c4abcd2caec4cdc1cd08bcdc294f538338a99043c609251f7472b0bd9c111143

  Score

  10^/10

  massloggercollectioncoreentityrezer0spywarestealer

  • CoreEntity .NET Packer

    A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

    coreentity

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2