Extracted

• • Target

    SwiftSDM.scan.pdf..exe

  • Size

    745KB

  • MD5

    b881533b7b297c09802c0b74adbd2936

  • SHA1

    23e8bcb9a029df6f8ee460eec6ac600459d6eed3

  • SHA256

    0ceca38c78e5862c0d87d4c0dfacfb25fef8310e502415721c35331f1315cc04

  • SHA512

    caa530f0fff257b66b2ae107a8ffdd2df910a24c640559965491e2281a99949aae0761a537ee7bd349b4154f03f27d991435270b09cdb97df0d02e29e8ac4497

  Score

  10^/10

  massloggerpersistenceransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2