Resubmissions

  • 13-08-2024 22:21

    240813-19156ayhrg (score 10)

  • 13-03-2022 10:00

    220313-l15dwsffgj (score 10)

General

  • Target

    f278959980ff3dccad6aad448f4dca4034f2832fe85269c0d11b504c270da215

  • Size

    3.2MB

  • Sample

    240813-19156ayhrg

  • MD5

    0ad600b00aa2381172fefcadfd558f94

  • SHA1

    d761bd0ea41910dd981919c2e520b04b3e23b443

  • SHA256

    f278959980ff3dccad6aad448f4dca4034f2832fe85269c0d11b504c270da215

  • SHA512

    92d4561b6793b20293de88bedd36ad4d3c74492b5926efd61588e83f8be8c863a9309596b63ca0591829929f45196f08f14e718163ed1c00e93b04ef844c6ea6

  • SSDEEP

    49152:xcBJt41mYRxKLjlq7iIofckmr0MSPaCn4LcBAjFoj+EwJ84vLRaBtIl9mTQr4:xqomYRyJq5lMPaCmcajmCvLUBsKf

Malware Config

  • Extracted

    Family: nullmixer

    C2: http://wxkeww.xyz/

  • Extracted

    Family: redline

    Botnet: Cana

    C2: 176.111.174.254:56328

  • Extracted

    Family: redline

    Botnet: DomAni2

    C2: flestriche.xyz:80

Targets

    • Detect Fabookie payload

    • Fabookie

      Fabookie is a Facebook account information stealer.

    • NullMixer

      NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Detected Nirsoft tools

      Free utilities often used by attackers, which can steal passwords, product keys, etc.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks