Extracted

• • Target

    DHL AWB 405986998.exe

  • Size

    936KB

  • MD5

    4b0c7e94c712a92bdb4a84ccef01ac26

  • SHA1

    108888e88b8b74ab567874a22abc8513d445678a

  • SHA256

    6f00ffaa9b0fe22f4e8e46fc35998010ecabecac8ffbdc4629e1b59372393a6b

  • SHA512

    4fa45c2246196ef1ccbd68b4329b3d6f79da8a5df79529628edcd6a1a5f7fc7d6f5740bf02f88a33288f6818dbdf221b7cc14731298af6a287fc0d2f04fc62cf

  • SSDEEP

    12288:+Fwj4Jdm9X2I6P3qoJsUkBY7kahSrePdxlqbvPK9DaqEPRCz+bIv/0xRSgHxOt9t:X0Jo91oJES97qlPRg+bIn0XLHxg2Qn

  Score

  10^/10

  massloggercollectioncredential_accessdiscoveryspywarestealer

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main payload

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2