General

  • Target

    f08eebafc57117e85e90572ac0704bd1_JaffaCakes118

  • Size

    4.3MB

  • Sample

    240921-za9gtasbkd

  • MD5

    f08eebafc57117e85e90572ac0704bd1

  • SHA1

    ee0a44d28283210110bd43af410e4dcf12559adc

  • SHA256

    a0a31143210c4b5693a2b56ad3dc115a579a8780c054ca264634cf4eb88a396d

  • SHA512

    e26c2b87ea41904842a96e73849151e2f14e5a2588bdbd9a862aead2bbe4587092a82f52d5ccdc0edc7bea7beada70d27d355fde8b71d596dc22db0b36212034

  • SSDEEP

    98304:tB86bvOdNQ+BOgTfI1xEzWgEbFM7g2vSQMfc2NNynzC:86+NpgxcEpglMf9yn

Malware Config

Targets

    • Detect Fabookie payload

    • Fabookie

      Fabookie is a Facebook account info stealer.

    • Detected Nirsoft tools

      Free utilities, often used by attackers, that can steal passwords, product keys, etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks