Extracted

• • Target

    6b7c0aefac658e3b104b8e0a56ce9d66c4e1043d1383c3f5a68e57b9167b1177

  • Size

    1.3MB

  • MD5

    3286d2d7dd3441fa833e4f94986675e3

  • SHA1

    5e9943e7baf5669d708881e562e298a9858aa526

  • SHA256

    6b7c0aefac658e3b104b8e0a56ce9d66c4e1043d1383c3f5a68e57b9167b1177

  • SHA512

    f494ea05ec5dd154794ffffc6821f7b44191b5b6e472cdc0b70ddd05cb6fad7e425e7792ae1210ec2982e312abee9d1cee7945f426bd2df9ffc5c32e908abf68

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2