fabookie

General

Target

a875620b019fdacc8a7ee2ce19d82ad9
Size

3.3MB
Sample

240227-g8x8bsad58
MD5

a875620b019fdacc8a7ee2ce19d82ad9
SHA1

1c57f5242e42f536470ad82b56881f2fd6347987
SHA256

9bb77fb3b462b7b52694f0326b83b4f0f47969240e296129cd23da3b2fe98fb0
SHA512

b5ee72fa6aa30ab1bf6f94d25434c8853f609f8333e25ba6d579cc37d3dba11146333763e593925ec9c177ef904ef4c237158b5b81ffcf54f5b8af4677eb8720
SSDEEP

98304:J7ISOiGF7zsEtAU0o5g7rWCAfptaIjBlIgbBM4ocH7uTWRU:JDGFXsHMgmfvlB1F6cHqTd

Malware Config

Extracted

Family

nullmixer

C2

http://watira.xyz/

Extracted

Family

vidar

Version

39.8

Botnet

706

C2

https://xeronxikxxx.tumblr.com/

Attributes

profile_id
706

Extracted

Family

redline

Botnet

AniOLD

C2

liezaphare.xyz:80

Extracted

Family

smokeloader

Botnet

pub5

Extracted

Family

smokeloader

Version

2020

C2

http://aucmoney.com/upload/

http://thegymmum.com/upload/

http://atvcampingtrips.com/upload/

http://kuapakualaman.com/upload/

http://renatazarazua.com/upload/

http://nasufmutlu.com/upload/

rc4.i32

Targets

- Target
  
  a875620b019fdacc8a7ee2ce19d82ad9
- Size
  
  3.3MB
- MD5
  
  a875620b019fdacc8a7ee2ce19d82ad9
- SHA1
  
  1c57f5242e42f536470ad82b56881f2fd6347987
- SHA256
  
  9bb77fb3b462b7b52694f0326b83b4f0f47969240e296129cd23da3b2fe98fb0
- SHA512
  
  b5ee72fa6aa30ab1bf6f94d25434c8853f609f8333e25ba6d579cc37d3dba11146333763e593925ec9c177ef904ef4c237158b5b81ffcf54f5b8af4677eb8720
- SSDEEP
  
  98304:J7ISOiGF7zsEtAU0o5g7rWCAfptaIjBlIgbBM4ocH7uTWRU:JDGFXsHMgmfvlB1F6cHqTd
Score

10^/10

fabookie nullmixer redline sectoprat vidar 706 aniold aspackv2 dropper infostealer rat spyware stealer trojan upx privateloader risepro smokeloader pub5 backdoor loader
- Detect Fabookie payload
- Fabookie
  Fabookie is facebook account info stealer.
  spyware stealer fabookie
- NullMixer
  NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
  dropper nullmixer
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Nirsoft
- Vidar Stealer
  stealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  setup_installer.exe
- Size
  
  3.3MB
- MD5
  
  e8404a9c4ef1c31436ed92fbe943fcce
- SHA1
  
  a0c93ff55c51a94f547b7228f9107f3c78e36f9e
- SHA256
  
  83de369e8e08d0e78a159669bd93cdfd45693408e3a35bf06d8b368999c45131
- SHA512
  
  3072ab78b47be7af6866bfcb71a848168ab0b9c6113ecc763a5a85eb1c360307a0123ebb949435127f2b3982b1646533beb497acbdc87eb3d020746ba47c5ee3
- SSDEEP
  
  98304:xfvC21jFJo1fQEDBcm9HIEWs0jDcZ1VCvLUBsKE3+z:xfr1RJStmE70jIZ1mLUCKdz
Score

10^/10

fabookie nullmixer redline sectoprat smokeloader vidar 706 aniold pub5 aspackv2 backdoor dropper infostealer rat spyware stealer trojan upx privateloader risepro loader
- Detect Fabookie payload
- Fabookie
  Fabookie is facebook account info stealer.
  spyware stealer fabookie
- NullMixer
  NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
  dropper nullmixer
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Nirsoft
- Vidar Stealer
  stealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4