Extracted

Extracted

• • Target

    OUR_NEW_.EXE

  • Size

    757KB

  • MD5

    5eecffe3b62b1e5c080028e6c489cc98

  • SHA1

    3fa94eff0cffe3fcad56d7e7b3dbcbac341211b5

  • SHA256

    571ab77f2e5d3069e9b1974cd7548dd28f4cef875b33698b42a846b6057a476e

  • SHA512

    eb79550f367005386cfc94a674a4c735484df3ff35f038401d5f7995bd0a01eb79d81be3c7b1f4c4b4c6a69dde0a5c28a3e81cd038efc843004310cd2d989cb5

  Score

  10^/10

  massloggerransomwarerezer0spywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2