Extracted

Extracted

• • Target

    PO-NA0U909098899900.exe

  • Size

    1.1MB

  • MD5

    e66cf867f482d2e6b3ae457fe86bf21d

  • SHA1

    b6f9f39d6ac99a4a88e1b2ba9a9de95bb917ec7a

  • SHA256

    5467d4952a438b7025b7e6661bbc5755b94db5553e4534d2924dd60a9051efba

  • SHA512

    60d110569632970661e226c871e0df2f67853238a580b2f74d5954b0650103ccceb568326ef277686870f970265a7a0f79837ab8b0ba83c68e50f1f9fc11b20f

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2