Extracted

Extracted

• • Target

    INV-COPY##5563164600.pdf.exe

  • Size

    813KB

  • MD5

    b62a4531bcc7386b73107176078547ef

  • SHA1

    ce5eba00036bf8cdd3ba5bbd775a748d28d10871

  • SHA256

    58eb028bec07f54d8878925ad98d3d75002077ba103d387fa15892d250ac1008

  • SHA512

    f53352d49e6543220621e237b23b84365d8f028c0a9ff46eb5633a7f921d23926013b10efddc9a385ee6bbf7c70161c91fe5500fca992182c6118b7a278b1970

  Score

  10^/10

  massloggercollectionransomwarerezer0spywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2