Extracted

Extracted

Extracted

• • Target

    HCtR5cTfBBvX0Tt.exe

  • Size

    956KB

  • MD5

    946617f29b6f4d728a590d6eaae36126

  • SHA1

    d06818f1f24d85e26d7159845076f346564253a0

  • SHA256

    45ef1e51df38e6778aaf2cd726748b55459b4aa54a2c8c2fea445cab0885f7bc

  • SHA512

    7204f1163662f391fe09c2637ca9c2e07e08bc1c047fab4e1594c49a37fb222093d86298c267cec9ee27f842f538f480c2bb8078ffea59c501f4777ff50a7d2f

  Score

  10^/10

  massloggercollectioncoreentityransomwarerezer0spywarestealer

  • CoreEntity .NET Packer

    A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

    coreentity

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2