Extracted

• • Target

    ea1c723ceedac998a362db9d383f81e90cd4821ae42749547036247add752a56

  • Size

    926KB

  • MD5

    12094cb754508166c0827e574092eb81

  • SHA1

    2e1a052471e9d2b50dce06908dae7875ca4716b5

  • SHA256

    ea1c723ceedac998a362db9d383f81e90cd4821ae42749547036247add752a56

  • SHA512

    e3dc9b82ef9c854f13b3a1c9cd8265773a46ea9e723780d018f9a20c3dc8751f7cb541b41ae0761110d3a23486aeca919257c8d64511b131e4baab844225b193

  Score

  10^/10

  massloggercollectionransomwarerezer0spywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2