Extracted

Extracted

• • Target

    Purchase Order_pdf.exe

  • Size

    863KB

  • MD5

    46f6a9c3798b0a265c883914b575f582

  • SHA1

    ee1ef2e31b27385fe7c419051764c3b7c1872c78

  • SHA256

    7c8962ad0cf0487df0793c34b8bba9b9fbb83e88287afa9761083e3d7b4eda36

  • SHA512

    50a645aaeb3cb5582f12a2f917d939602dc20e3a2020af19b13d1253325f8df45072fd9b184c64870b1a42a8ecbcc8ee6b09ed01b489912e5635d899ad1ee21a

  Score

  10^/10

  massloggercollectionransomwarerezer0spywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2