Extracted

• • Target

    550615c0ae5984a323c65110142b7730c87cd0b4bdc6ff13052983ba8a6ec7ff

  • Size

    905KB

  • MD5

    060cbc77c20d140b7ad9f90fd58d45c3

  • SHA1

    f39d0f1ecb50884c69e81b2fd8f66c4b1d5c5cf4

  • SHA256

    550615c0ae5984a323c65110142b7730c87cd0b4bdc6ff13052983ba8a6ec7ff

  • SHA512

    525b3beb849c77b132eb77ea1424605b48d5406a5f93a7f10a13b7837e8c7f363ecca7a7b71169114386679a4dc98077a372461dbf43e062c56e116b4f350fe1

  Score

  10^/10

  massloggercoreentityransomwarerezer0spywarestealer

  • CoreEntity .NET Packer

    A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

    coreentity

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2