General
-
Target
0584f6800c4533fed15172dc1e632f763f109996cbd547322bda14b177b1fe8bN
-
Size
7.8MB
-
Sample
240919-efk17azckh
-
MD5
bdb200d8273ed24b82d573c6a03390d0
-
SHA1
38c899c550dc2ed7419d68019068a3c5000862db
-
SHA256
0584f6800c4533fed15172dc1e632f763f109996cbd547322bda14b177b1fe8b
-
SHA512
abf46241aa2470761bc9da8abdc9c4f9409da8baa14e41886a0b8ca6bc2c1ee79af2662dd9f97bc8519a47b2c482ecae40be2468ddb468e3c4733f8e500becba
-
SSDEEP
196608:4V1FEWiFroH6UWwuSSbUhMu95+AkWDJVMAXuPV+D3jk:0Ko6bU624ApFCAeoDjk
Static task
static1
Behavioral task
behavioral1
Sample
0584f6800c4533fed15172dc1e632f763f109996cbd547322bda14b177b1fe8bN.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Detect Fabookie payload
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-