Extracted

Extracted

• • Target

    PO NOAB1088-2020.pdf.exe

  • Size

    972KB

  • MD5

    e5b79d5699c82c22ac989a739754340d

  • SHA1

    9bd3a38876deb614620f8a9b71e7264d9fd00380

  • SHA256

    a2d04087127197f6a4ae49039fbc2c2dc750ee0fe2d71965a7c675d556d362d3

  • SHA512

    b5216d9b15fc32f937da9438f4fc621327a5ee1eb0481e798b2ae328f090c1c3f9cf1e066f00342c010c0f39d2e75a137bcda2cd6912664fcb7973495bca0f39

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2