Extracted

• • Target

    422f3b1774d6e486dcf3243ab8bd4b5a898e74d166c6a085174d4691177a4810

  • Size

    1.5MB

  • MD5

    cf27e337a9d16df3db80e87ad9eb32c9

  • SHA1

    9dad4990845987bb59d6de330239aa1d74705765

  • SHA256

    422f3b1774d6e486dcf3243ab8bd4b5a898e74d166c6a085174d4691177a4810

  • SHA512

    b4c688053bb41b147f5efd40f0a369263c46aba511c2cb33ab3b590216bba77e5263a7abd9956438eb9f9869713a11bcf3fdca54b6c27f776237d41c3c1ab223

  Score

  10^/10

  massloggeragilenetransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2