Extracted

Extracted

Extracted

• • Target

    7b243fdb0e70c99ea3801a57b9916d61441ce66197d763246d9ef0f432c6812b

  • Size

    10.8MB

  • MD5

    97436c741eddd9af54aafb15a62e3129

  • SHA1

    73e97cbdb33acdb6b957bd8e6549d62be0d7b559

  • SHA256

    7b243fdb0e70c99ea3801a57b9916d61441ce66197d763246d9ef0f432c6812b

  • SHA512

    067df592f831e26a0767abff09cc7e36fcf41c1cebddf3e1515ab7d8bfc31d9527d03c09d00347e6b506ecae65ee9c24feb82cdf9b1c78581592ba15e26c1f30

  • SSDEEP

    196608:MCQmGCXM5YPyZf/d4PQqKCQmGCXM5YPyZf/d4PQqP3228zP4bgkECeT:kvCcKy/d8IvCcKy/d8N+74sMe

  Score

  10^/10

  fabookiegluptebasmokeloaderup3backdoordropperevasionloaderspywarestealertrojandiscoverypersistenceupx

  • Detect Fabookie payload

  • Fabookie

    Fabookie is facebook account info stealer.

    spywarestealerfabookie

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Modifies boot configuration data using bcdedit

  • Modifies Windows Firewall

    evasion

  • Possible attempt to disable PatchGuard

    Rootkits can use kernel patching to embed themselves in an operating system.

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2