Extracted

Extracted

Extracted

• • Target

    New products_Inquiry00000000PDF.scr

  • Size

    1007KB

  • MD5

    4410f1e9106370721dd61b665e62db98

  • SHA1

    eadff44552f64370b85c35abd736c39465fd833d

  • SHA256

    6d8dbdf39f97cc1b6730d7eb7b2ac7f60ac2026e5ac33edb00093f1a87cfcf9a

  • SHA512

    60ee671e4b37b6cc58ae8bd7351e475f8279827ea7eab30d463e4e201db99b9300b84d21b997ffc029e5cbbb6e4a5efcddb71dceb661a644a4a4227eb3009c67

  Score

  10^/10

  massloggercoreentityransomwarerezer0spywarestealercollection

  • CoreEntity .NET Packer

    A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

    coreentity

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2