Extracted

Extracted

Extracted

• • Target

    727f0f9bde4d92d1650cd6745153a610625f2d8138f2a0f8a0a0d3606fc4a945

  • Size

    922KB

  • MD5

    d2f17310913cf9736d2786c2cdc1eaaf

  • SHA1

    aae6b53e291ef3ba6bc853a38419319c28142ba1

  • SHA256

    727f0f9bde4d92d1650cd6745153a610625f2d8138f2a0f8a0a0d3606fc4a945

  • SHA512

    c1e52177e2992e9fb53ebf6bb10b58c4f1874632781090d17f55fd1c5b2703ec3aff523e0ba10651d3ec1c771a6b3b4bebb5ae91a64137c922060bc5570be513

  • SSDEEP

    12288:ylsnnx2dAVuu9i4ytnfZFbZVfV5TjzxTvob43IubL5SnwmadLCAek:gsnx2dAV99i4yttV/33NmNA5

  Score

  10^/10

  fabookiegluptebaredlinesmokeloaderxmrigup3backdoordiscoverydropperinfostealerloaderminerspywarestealertrojan

  • Detect Fabookie payload

  • Fabookie

    Fabookie is facebook account info stealer.

    spywarestealerfabookie

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba payload

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • XMRig Miner payload

    miner

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Uses the VBS compiler for execution

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1