Extracted

• • Target

    kesh.exe

  • Size

    1.3MB

  • MD5

    aff458f89b918aca8c12c638ce8fece2

  • SHA1

    24bddc3fee66de67a6db095ed22033af895e7b41

  • SHA256

    3ce259abdca64cabc5ac51d1810ccff6a02fed247f4e65884d4fa4d23f18e086

  • SHA512

    ae8c5e8afcfad1359566dee132b24dca1f8e40d3eadac9302075bb326b10ee7e1de25de3f37957dd7c665b2eb3687afd824b35003918b68e4c83fda7d69ada17

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2