Extracted

• • Target

    Agency Fund JUNE20_Revised.exe

  • Size

    948KB

  • MD5

    cfdd2d3dc883211f7a6f934e4b295714

  • SHA1

    e7deccd6d0685263d69a4cdff890baa0865770b1

  • SHA256

    98ec6884be9b64e2e37a37460bd3d8ca770f2ef2d1d5cd4b6321a01462c8d32b

  • SHA512

    b14684e7d37c884eb2da0066ddf694360a56f279be55f8335985c0a82882b54f39f42e4fd991e77f5e394d6f29b386194365003c6dd048c6d5ed87c2172073a7

  Score

  10^/10

  massloggerransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2