Extracted

Extracted

• • Target

    167647227-54134-sdfnt4-2.pdf.exe

  • Size

    845KB

  • MD5

    7dc2565dadc8f091295dfe0b87fb40d8

  • SHA1

    05de206b83b43fa25e199ac07a38eae56cc97e8d

  • SHA256

    c75eff508f62cf4acb9960a32a93e15f4037325a66b8b669649c83d08ee70730

  • SHA512

    dd1c27d1349c55056ce1af23c0f0123aeface0188c898b0dfa9d29fb78f45280430f00b8e775f85ad1a9bcac456c244b745bb2a2522b59ddb0990ed2b571e612

  Score

  10^/10

  massloggerransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Executes dropped EXE

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2