Extracted

Extracted

Extracted

• • Target

    [C38226] #TD JMMasuda_Mfg.exe

  • Size

    817KB

  • MD5

    6ca7ca71e6777e838bb32c911e5e68eb

  • SHA1

    a3c11cc089fd8f5db0d673d9f4f63d495ee3cffe

  • SHA256

    fbc70395ea55477b8827145c12f85133565b1be20e31f71327ea17d2706127be

  • SHA512

    c772675fe56dc2d95bdf7ff59c0a0ea81f0743f074cb5c7e9c29fc78e8f9eb19eb023d9b0a2bf2f9aadef2250dba78667a454db46275c7a9a91a800180ccef58

  Score

  10^/10

  massloggercoreentityransomwarerezer0spywarestealercollection

  • CoreEntity .NET Packer

    A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

    coreentity

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2