Extracted

Extracted

• • Target

    df5720b20782c8eb0486fbffa501bf19cf4b95c358d2a631856fbd7a56543be6

  • Size

    239KB

  • MD5

    2308653082b61759ac4f5c42a65fc70c

  • SHA1

    f90e0889a33dbe01d404639cc33466f04148b4a7

  • SHA256

    df5720b20782c8eb0486fbffa501bf19cf4b95c358d2a631856fbd7a56543be6

  • SHA512

    773ccc19a8166e3a1ff70d392c0b589fb8c1723fe5ceb8b3ccfa2d20e97cdc24801ee4ac98d107327d681988c2da856e0bf8e5231f487c6b6e61ad04631c5533

  • SSDEEP

    6144:aY46fuYXChoQTjlFgLuCY1dRuAOwPchWbw8y0:apYzXChdTbv1buQcyw8y

  Score

  10^/10

  fabookieredlinerhadamanthyssmokeloaderxmrigbackdoordiscoveryinfostealerminerspywarestealertrojan

  • Detect Fabookie payload

  • Detect rhadamanthys stealer shellcode

  • Fabookie

    Fabookie is facebook account info stealer.

    spywarestealerfabookie

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • XMRig Miner payload

    miner

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1