Extracted

Extracted

Extracted

• • Target

    F20794-送銀行_xls.exe

  • Size

    828KB

  • MD5

    85f371fdbe9b8f2d020e2d524f7cab4f

  • SHA1

    cd71ea891aea2af7714c9a615de72515bfb390e5

  • SHA256

    a760f527a357c0102eb9d9ecc6ca76f245d34237b230ce9a38e83ae806ab13cb

  • SHA512

    39398504ecdd905054244d8052d82d86a74fbba209a7e8a32e946311f4b573f36f95952448732368a93fb5b8f3d78603798f03a9525450e1825a24071c62d972

  Score

  10^/10

  massloggercollectionransomwarerezer0spywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2