Extracted

• • Target

    Purchae required and shipment details.exe

  • Size

    640KB

  • MD5

    6ef86a2fb28358e7aeb510c0aa82191b

  • SHA1

    f81b6ea45f4c1abc82997f36b6ed57649063a701

  • SHA256

    41df7c7f04b04ac0f2eb88f099c9df36f01e11eaff1c189573f49054758d653d

  • SHA512

    2adb642a7ce5e3dc3411c4ed9d368b7e3331ef7340c09b339573ce661fe2a922a1fc61e1b998f795439834de66f33dd470fe86891f3336ef2e7efe54927b3359

  Score

  10^/10

  massloggercollectionevasionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Modifies visibility of file extensions in Explorer

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2