Extracted

Extracted

Extracted

• • Target

    order.exe

  • Size

    1.2MB

  • MD5

    58d3c173379511c75ea7fba7cb554521

  • SHA1

    350cd0da5171af6a94e2c15c69aebef33d0bcfd8

  • SHA256

    607f9c79b58c26613b4a6ebc78efe524acbe436c984a09aeff7d40cb109eff8d

  • SHA512

    1e767e10a6fc1cdc0654d905c529667d4276fb08a32417b861c35d5269df57753b4794fd4b03f9d2cf4fa6246bff7be7b7bb435b38fb1b918450251cb78f19b6

  Score

  10^/10

  massloggercollectionransomwarerezer0spywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2