Extracted

Extracted

• • Target

    e4dff6694f28d833ff1087e64c1498c9c9232abdcebf324bffdcbe322a125bb3

  • Size

    789KB

  • MD5

    b716d85bbaee06cea80c5d5eb8f9d965

  • SHA1

    2c5b15f20d9d698f33a656c5ea76ed372f96f65b

  • SHA256

    e4dff6694f28d833ff1087e64c1498c9c9232abdcebf324bffdcbe322a125bb3

  • SHA512

    b9093c79128bfbe76740de770055c2bc8e5b9cde9046f4f3d5c6e8c86ea47f60cffd1f3ef7c382a1b0e257466162365905c85ced5668264cdcd1e32e18f9a905

  Score

  10^/10

  massloggercollectionransomwarerezer0spywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2