Extracted

Extracted

• • Target

    PO__2008.EXE

  • Size

    1.3MB

  • MD5

    7f1adfbd690c3493f9853c60611a6d26

  • SHA1

    4b8abeab03f5508aee739f4c9c8b7180cb51204c

  • SHA256

    aeaadb0810739b7ac17ae1ca594a750c9e831a3407da2f845dace782ce930bbb

  • SHA512

    d920aaccfc720d82a0fedb2ad362eb7dbf67b686835be91e159c1ce42e5c0bcb9308f2b963d2aac59da87163d173e8aedf55d2c16799b3c8646212acb8249aef

  Score

  10^/10

  massloggeragilenetcollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2