Extracted

• • Target

    623e41eaeb69f117691080e4ac4cd1bc.exe

  • Size

    6.6MB

  • MD5

    623e41eaeb69f117691080e4ac4cd1bc

  • SHA1

    dd330ae575e184f8955324a9d7c1e572306ae175

  • SHA256

    fdcf2c12cd0e232689188a7826c6a29e1604a5b98a77cb82690b581c049cd983

  • SHA512

    25104b32809f5cbd9ff22a528f77c90540e99e9d5193eba026ea269357f2e6d5b3ae6de0bcdc9be0dee9ee3a092eb909a3f404f74d33c71d0823107f9c206f74

  • SSDEEP

    196608:jBoKvFpMWN59w86tAWGmKCJWd4IZ82mb5p5xsxu+lpf:jBNvF6WN5i86SWGmpsnZMYu+T

  Score

  10^/10

  fabookiegluptebastealcdropperevasionloaderspywarestealerdiscoverypersistenceupx

  • Detect Fabookie payload

  • Fabookie

    Fabookie is facebook account info stealer.

    spywarestealerfabookie

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba payload

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Downloads MZ/PE file

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops file in System32 directory

  behavioral1behavioral2