Extracted

Extracted

• • Target

    PO3718852.exe

  • Size

    1.0MB

  • MD5

    5f44fff7c752fef03cbf05d1304279be

  • SHA1

    967c4a4fe15ce10bcf1ab65bab7e2ec49eab6e01

  • SHA256

    a73985784fd11ed9276d875521a98618001f232d756f3290b694466c16123a46

  • SHA512

    e4325c42eb7fc9f80ea5d2525dbfc44e9c2c85ad4a021ef47eba26ce884810721a9e62f5a7bd93aefcc9ad634e326cbdca216e70605f5766073b8cf13c952224

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2