Extracted

Extracted

• • Target

    PI1009372PDF.exe

  • Size

    892KB

  • MD5

    029bc6a7b0e7987195c6b17fa6887b1a

  • SHA1

    fe64df31d6a55dad031e6d4c73173df61d56590c

  • SHA256

    1b59de7a97df74d5e59c0f02697e9ae4e9391a01998de6baf4c937bdf2f678f5

  • SHA512

    7a42d6ee3334a78abfe98bf662f6b5cf732f408544ae8dc1e006f295434171e1b1b682f8cb93718113cce9e9e316049ddbc7b291651416f7b161ede547f4feca

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2