Extracted

Extracted

• • Target

    file_v3.rar

  • Size

    19.0MB

  • MD5

    2907c619308c4994725246f3b335c1eb

  • SHA1

    0192fdeb02cbc07f058efa7873f45554db31d8f2

  • SHA256

    ff2c2ae77e1b00829710601852b7dd95c4db15f332838807605e53bde54692df

  • SHA512

    5ca3a35d6a78ea77afaca931a306c5b3d51a8f96c27294f6112d1d934773b66b03e14435545c18a08afcad1b6cd088eefa18da07b66bc9a437017f4fcc2f51d7

  • SSDEEP

    393216:6QBMC1umf9zyQHvNW0VMLSJg9zWBsoaucPI4Tj9EAqfD6EXFomwSLxvVAl:6g51ugTPNW0+og9zWBsoncPIyEAm6kS5

  Score

  10^/10

  fabookieriseprosmokeloaderzgratpub3backdoorevasionratspywarestealerthemidatrojan

  • Detect Fabookie payload

  • Detect ZGRat V1

  • Fabookie

    Fabookie is facebook account info stealer.

    spywarestealerfabookie

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Downloads MZ/PE file

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2