Extracted

Extracted

• • Target

    Circulator 27643.exe

  • Size

    953KB

  • MD5

    048b39faaf884a5eae0a72e2325a6fb0

  • SHA1

    fcade786c16cd0af8b5699e57b54a30a7ce08f09

  • SHA256

    7f2a8610931a1f5ff9793dcb854ca01aaa6410fb5b4dc287753c558f1b60eee1

  • SHA512

    b360b817f6df4ac7303df3c8ee4657805780b9660823bbc1cd78ce24df8e6af48d914e3aa06215064f217d903311f6ab52e9cd80e1b2fb83d02ef0439d12d464

  Score

  10^/10

  massloggercollectionransomwarerezer0spywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2