Extracted

Extracted

• • Target

    74aa9c168ed4ff298ce0d2737342decc9a4ffaf3c03e32965a88e9f6b0ed0144

  • Size

    900KB

  • MD5

    b720141599d9a092ef93bd69ba3d6e3d

  • SHA1

    4718853ced0c3010ad7f8c60155b6b32cee5aa44

  • SHA256

    74aa9c168ed4ff298ce0d2737342decc9a4ffaf3c03e32965a88e9f6b0ed0144

  • SHA512

    e0c6854b51746019e337ce9f23248c4e973f75b7e521348bfd80a545c21d9ffbd5f40e7c368f875625c2c3452c5800bb1146daa9316d4a5159570794ccc4203f

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2