Extracted

Extracted

Extracted

• • Target

    QUOTATION.exe

  • Size

    864KB

  • MD5

    c2b1fcf142b7b221817ace1073ba58ae

  • SHA1

    e8952c01300ae5a7ca6cc2e24807a6c12aa556ce

  • SHA256

    6d23e4cb2a7704f3ebeaf44893bb9c1df101f0f03d522ceb51a0e1cfc7f8e8ec

  • SHA512

    6c82b754c8e4c2df128f5f562867d59cfabe1feb24a8adc2ec1db3a6c545ed59de18f8804689bf0ef4f81abf3e169ac937fdaaf66b2daaaa32d96772cd5ec3b9

  Score

  10^/10

  massloggercollectioncoreentityransomwarerezer0spywarestealer

  • CoreEntity .NET Packer

    A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

    coreentity

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • CoreCCC Packer

    Detects CoreCCC packer used to load .NET malware.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2