Extracted

• • Target

    DEBIT NOTE - SAOFEM20050027pdf.exe

  • Size

    962KB

  • MD5

    ad18e53571ae5be2cc2bd0fafd484da2

  • SHA1

    bf175030caf9f23129a63262d9aa345dab620a12

  • SHA256

    92a7c4b4694b3849c97651e3c5713eedbf3e9a5f157724d6ca9047b05ed0e3d9

  • SHA512

    c1b66d8088c5000d72b3a138493321d1224e14133c3e3f425823b27716fec86012dde25c3037c373c87d5c321c04b57ee4acf6dc588134664bbfb54c5eac9aaa

  • SSDEEP

    24576:TQe6H3aJa0ir1T/tphJqlibPiEj3z1dHK1Wi:E7H3aaxT/Tqlib7z3q1l

  Score

  10^/10

  massloggercollectionransomwarespywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main payload

  • MassLogger log file

    Detects a log file produced by MassLogger.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2