Extracted

Extracted

• • Target

    be04038c48952454db9742caf48fd077db32aed2650e90786a39a9b1a26ba87f

  • Size

    4.9MB

  • MD5

    0ff5945ced283caa0621bd9e7b087763

  • SHA1

    5cbf68e04eb294c1edcf272fd98d68a2ef139c14

  • SHA256

    be04038c48952454db9742caf48fd077db32aed2650e90786a39a9b1a26ba87f

  • SHA512

    25802856d4cc73dee14a9b96b35f8ff3c0128638a8a1deb7bbbfb3209e9f0161d13c9c17bb7632cf5428dca1a1939be84036fdf473c6c853c783fb22ae66f9f8

  • SSDEEP

    98304:7TedAcQ2Ro3GJtYhkf6zMBiJtpOYs0FA088A1kMfsuG:veCl2RKatUtz91VFAD3kulG

  Score

  10^/10

  fabookiegluptebasmokeloaderup3backdoordropperevasionloaderpersistencerootkitspywarestealertrojanupx

  • Detect Fabookie payload

  • Fabookie

    Fabookie is facebook account info stealer.

    spywarestealerfabookie

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Modifies Windows Firewall

    evasion

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Manipulates WinMonFS driver.

    Roottkits write to WinMonFS to hide directories/files from being detected.

    rootkitevasion

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1