Extracted

Extracted

• • Target

    DHL_MAY_.EXE

  • Size

    1.3MB

  • MD5

    0d094405e0f1c07d1af0c62c69f0feae

  • SHA1

    41ca81f1eeea2cb539d5a2b34199d25f47a8671b

  • SHA256

    a16d191db58b4a988abfb3b12098ee3301d84a81d8feba8cb537857a573c86be

  • SHA512

    0afb01e428a105f8fdc342a2e74696ef6040f25fd8777a8962bccc98d5741c7ddc46edf5fd9cf06a6a0bd555d323ee1ed06bf170e3b2eabd4d8e483ce68046cd

  Score

  10^/10

  massloggeragilenetransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2