Extracted

• • Target

    PO.exe

  • Size

    1.5MB

  • MD5

    f512638b09983b315c24199bffae80cc

  • SHA1

    f62de084522901915b43ce766bca6e3a0797cdf3

  • SHA256

    f937bbe27c6d52452a121bc9aa320c26ae7eada7cadc9dda0fafc2c6b1bd5818

  • SHA512

    a9566748c0c34168fafc88d2e3c1522fc7d1422266fa65b1beafbc82f45a88394d4ada16104b011e97f5e1396fa745d20bee185dc11447f4ad162e5c7ada48d8

  Score

  10^/10

  massloggercollectionrezer0spywarestealerupx

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2