Extracted

Extracted

Extracted

• • Target

    Daily report 2_pdf.exe

  • Size

    861KB

  • MD5

    8a1fa311688ba41e6282226bb02d73a2

  • SHA1

    8ba23c07edef3e0302820c811ae56705665ff12d

  • SHA256

    8bc95f1ba65bf54858a20c62bf09e9e39027f8be74369c25401b5e4503b1b553

  • SHA512

    1e51ee35a7da4fd7ac18c0781772260958f8e7e63694cd4b3b5a6367af34bbe8464b08620b8f2d05840ae5ec7fb1e43dccd9c8e2399ecd2c5e3c0bd791f29a50

  Score

  10^/10

  massloggercollectionransomwarerezer0spywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2