Extracted

Extracted

• • Target

    RFQ For P.T Int #40803788200019 ,pdf.exe

  • Size

    1.8MB

  • MD5

    a41fdbd40b07e4cec71b57868db22eaf

  • SHA1

    90992b92cbda0f62a6990ad47e2ceccd1c3df1dd

  • SHA256

    5136cc442f7ff2a99cb5c3c64c0419d23a3aba57f7389af3a758615eb8b6d26b

  • SHA512

    c887e6f7899d8e9128cc7bec43baa53d85636e2e4ea4f50ce9d08e001562e389c05ede96d60e92f92782c6644f0082646e14d066051ab01bf4658d817ccef3de

  Score

  10^/10

  massloggercollectionrezer0spywarestealerupx

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2