Extracted

Extracted

• • Target

    Proforma Invoice.exe

  • Size

    1.0MB

  • MD5

    a009bf5f0bc5b29b3c7f70203584c20c

  • SHA1

    1f95f553fb11d4d6f6b7a6a15a3ed19aba8403ba

  • SHA256

    8c3156c901bae62d20fce1aa07a4c0e0252ac6ab6443877396a37f83441f2b65

  • SHA512

    4185e273e76f21c4521f243d6f7aab693996269e4937053c053bba3ac2f83dcf0039b02ff7da23ae2648bc906e96e18f2f82e21a58956268518d4b1fd688b9bd

  Score

  10^/10

  massloggercollectionransomwarerezer0spywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2