Extracted

• • Target

    bb8d3a66ecd0ba5f13e77d65445f34b252dd1382b44b30f5447cd599655907be

  • Size

    923KB

  • MD5

    22a544c96d4373c1bb70ab10616d6dfc

  • SHA1

    24d6958135e39dd8ac536ebc6385f200566cfa11

  • SHA256

    bb8d3a66ecd0ba5f13e77d65445f34b252dd1382b44b30f5447cd599655907be

  • SHA512

    9530ec552ef5380087161157530f5d9b5c8640d656e962e733b7c94cfa646e1f861cccbcb6a4cd583801e5d4a6b258a2a931b28f07edeb353b6eb8ba223947f2

  Score

  10^/10

  massloggercoreentityransomwarerezer0spywarestealer

  • CoreEntity .NET Packer

    A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

    coreentity

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2