Extracted

• • Target

    PO 450400- 13720.pif

  • Size

    1.8MB

  • MD5

    5a6d7f9876c36b2270fe5e99b096f1a4

  • SHA1

    2f458c4ed1d1edf2697bf7be60dc71a8ced883e9

  • SHA256

    e0cea593cef95fc3438ec707ef6d293c3189c3a3144a389f790cccfaec770759

  • SHA512

    a683f3ba4d84d129ffc71a8a6b7136328d15c859a943b57ecec9ce21aff998f68475b5c020bdedc82c488b57861345e703f0bb4ce6bde5cf23de805716ae610d

  Score

  10^/10

  rezer0massloggercollectionspywarestealerupx

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2