Extracted

Extracted

• • Target

    Request for new order.exe

  • Size

    875KB

  • MD5

    f6e60d4e007049b18de4fb87c38927c3

  • SHA1

    bba2fcd204840b1235dea163bbfeae3a59e3b763

  • SHA256

    495fdf3a95e1f56f9ec94bfdcdafe87a41be371947f24853c18cc98b24a6a281

  • SHA512

    a46e7a014a3dd577a5e9d7976845185c1f45c6c321bf8cd3c364576afbdccbe0fca7b0057f63e13416c81a60a0e63bce9c2e4ce5b26801cb179a4e6a6c62b5c3

  Score

  10^/10

  massloggercollectionevasionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Modifies visibility of file extensions in Explorer

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2