Extracted

Extracted

• • Target

    PI102948.EXE

  • Size

    1010KB

  • MD5

    416247a0ac44f2e1d530ea6be99c8846

  • SHA1

    da61c8696e3084f328ea1b3ce44865dbc59e2f5f

  • SHA256

    9c33a1f6a337e39a99c4480f19e63fbaeee191defcd51c8a908e9af9da8e115c

  • SHA512

    68512855fdc2e1a5dda7ecd82ef8200109492fe87b3fb33571c1c6f5bd8cecf4bd41f33a75ea8662b282c77078fc49c8002f94d69434538859ada583e247cbd8

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2