Extracted

• • Target

    IMG_6110.SCR

  • Size

    920KB

  • MD5

    a7f29df168c669851c1979dbc41c95b2

  • SHA1

    46d9da6397c063544cdd8dc9b9f8a65142aefa40

  • SHA256

    bc6a63b07a18d95278dee0e0d77c1e91d4a80bfca9732f030ce069894f610b14

  • SHA512

    79c92ba1352bff8f8f705b325a91196c867d45939ecf2bafac386c192637990d8a212d52b31bfb249794c28c1d1bee0c663ba827983b2fbb803271ca3446d0c6

  Score

  10^/10

  massloggercoreentityransomwarerezer0spywarestealer

  • CoreEntity .NET Packer

    A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

    coreentity

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2