Extracted

• • Target

    Quotation_Sheet_PO_including FOB_MOQ.PDF.exe

  • Size

    756KB

  • MD5

    a59a17e0750535499b455d7e2bf4b4ff

  • SHA1

    d659c6f80171c2142aa0b9f0352205ae6a79ca4d

  • SHA256

    c2be817a60ed0f80dc7f6e3e5eafc3db7a7a170e1df0015e2189cd9daecec6c8

  • SHA512

    83bab7d199df6dadc8ca1d8c3cb38bc8cf466309d25ee92b3579ea30eac012154b20c9193367f09441619c0e08a0134123cf89d97972a43aaac42a9bff212354

  Score

  10^/10

  massloggerransomwarerezer0spywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2