Extracted

• • Target

    enquiry20j20endooooo746e66682DIF.exe

  • Size

    1.0MB

  • MD5

    f819668951d4b48df71db51d6b218299

  • SHA1

    0e1704dbb3ce830c3a1e0719b6002419e578a196

  • SHA256

    49f037f00bc0861be7b26aa3a1d51e803b5ebe558d801d470783485a58bb799a

  • SHA512

    5875bf3377e9ed0cacc04e421b3e7a7f97fe1e810d4d85408ca2a67a9f0fef8ba1e652fa6b3ab9ed04b2e9a01193d5871f4c006ea236d38fb2ba8e30fc8022c1

  Score

  10^/10

  massloggerransomwarerezer0spywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2