Extracted

Extracted

• • Target

    PO_01456.EXE

  • Size

    892KB

  • MD5

    eaa8776e7fe85e8f5f8e240a94ff0eaf

  • SHA1

    a83f3d2bf7cc0fe2e47357b3c5588572a0588f78

  • SHA256

    f7ecd0e638cbffb3b985691c57451ea93845e8f16e4003d0f91ba3f02eb54c03

  • SHA512

    c26877bf89520fd98aabf87c926352dc83986cfd1c0dde9740d326642579e19422c970b4f1b634cf5a2af584050af53ee4e3ab0c0db5ea1bd96c73f3f5e6c150

  Score

  10^/10

  massloggercollectionransomwarerezer0spywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2