Extracted

Extracted

• • Target

    ed7710cecfe874dd2ef6a8cd643da6c7bdbc3bbe0316375091750bea989a6df5

  • Size

    240KB

  • MD5

    a57dfd19e87af999ab02c638262b208c

  • SHA1

    6c2648a2b98c63979d8f212ff237c327b348e382

  • SHA256

    ed7710cecfe874dd2ef6a8cd643da6c7bdbc3bbe0316375091750bea989a6df5

  • SHA512

    9ffbd9df508b06aa51370624e41212475dd4d21075f2c201015538a51e0e8fa7f550c4eba63fbeef930a08d475c29bc9db181531f97dfcc8926ffe23ecbf1eef

  • SSDEEP

    6144:NW5frpxdonyq4zaG2u5AOgeKb4YPEquqp:NIrp0/9u5ieouquqp

  Score

  10^/10

  fabookieredlinesmokeloaderbackdoorgooglediscoveryinfostealerphishingspywarestealertrojan

  • Detect Fabookie payload

  • Detected google phishing page

    phishinggoogle

  • Fabookie

    Fabookie is facebook account info stealer.

    spywarestealerfabookie

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Uses the VBS compiler for execution

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1