Extracted

• • Target

    RFQ.exe

  • Size

    842KB

  • MD5

    43bf47ce9c3b94e284d4b1127ae23316

  • SHA1

    ecd3faede2a34fee58c8b84e297abf217e9b4b4c

  • SHA256

    db18483e4256dc8f3362b52e3474260eeee4a7e7af43c8126200237e5a8804db

  • SHA512

    dfa81578090f56788c7b76bbca564a2c3cfb2e49c6ee83a92a46adc5a57a802950c18368ae1a4df68d4e0b6e3342b2c83d0ebb1b73b4edd93f347d309a891d72

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2