General
-
Target
51c48c7883996041dc09085e6c411cf5_JaffaCakes118
-
Size
4.1MB
-
Sample
240517-18tppaea97
-
MD5
51c48c7883996041dc09085e6c411cf5
-
SHA1
05b087ecc02d3c3c14335938477a2e89892f98af
-
SHA256
d645b822e10ca959eea7043b304a63f29e4ce3b07a4db816cf6342464c4d8b53
-
SHA512
73e032bd494b34f63d0745a5a186b5af2ea652f2d85ec11682ae597b7f857e410dc917ce41260b5fc9056bc2ff27ce17b9decde921b4cd53c6667c538ba9eac1
-
SSDEEP
98304:3Qo9V+tPT2ZZOgPPaQM1sJ7yBxbnYVd+NOOgmcADNI09:3Qo9M52ZZOyaQMCJmBRn+d+NwAB
Malware Config
Targets
-
-
Target
51c48c7883996041dc09085e6c411cf5_JaffaCakes118
-
Size
4.1MB
-
MD5
51c48c7883996041dc09085e6c411cf5
-
SHA1
05b087ecc02d3c3c14335938477a2e89892f98af
-
SHA256
d645b822e10ca959eea7043b304a63f29e4ce3b07a4db816cf6342464c4d8b53
-
SHA512
73e032bd494b34f63d0745a5a186b5af2ea652f2d85ec11682ae597b7f857e410dc917ce41260b5fc9056bc2ff27ce17b9decde921b4cd53c6667c538ba9eac1
-
SSDEEP
98304:3Qo9V+tPT2ZZOgPPaQM1sJ7yBxbnYVd+NOOgmcADNI09:3Qo9M52ZZOyaQMCJmBRn+d+NwAB
Score10/10-
Detect Fabookie payload
-
Fabookie
Fabookie is facebook account info stealer.
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-