Extracted

Extracted

Extracted

Extracted

• • Target

    RK__PO_2.EXE

  • Size

    982KB

  • MD5

    a5796bf649f72fdcae32b0a0241de4fb

  • SHA1

    f302b9c34ed15e69f1fbe938fc7b0c817a2c963f

  • SHA256

    5e2a294936d4b10a484ef84819a6279566e1f3028fd684b653998054f7f42181

  • SHA512

    96f30fc24421f53160080936ef73741df0b5b604d1a158e3bcbb2bb747b1bb827a46fa6b71276b1645c2b9b6bcc28f9e0f250d4d698a04321c70257f9b9ac92b

  Score

  10^/10

  massloggercollectionransomwarerezer0spywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2

• • Target

    RK__PO_N.EXE

  • Size

    981KB

  • MD5

    96de546b32289587f7db830e1e385a26

  • SHA1

    60f2925dc7ebdb8aa4c844edcaa3b0b5c6b4954b

  • SHA256

    00068dc51db13086db2a9fc776a55a946c699f1a225ee6595ae6b91ea469356c

  • SHA512

    f26fe0d399a4b428a80a828c29e63145c7eb406200829fa473ae40e77c055f45071d4cacb02c8a59c87969ecb0dc3f7a7e97387bc0ecf34d080ede36b18951fd

  Score

  10^/10

  massloggercollectionransomwarerezer0spywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral3behavioral4