General
-
Target
f7f9aa3bec4a730d22747f727e905079_JaffaCakes118
-
Size
4.1MB
-
Sample
240926-kgfqraxckq
-
MD5
f7f9aa3bec4a730d22747f727e905079
-
SHA1
7839d75a518b6b850a7ec13487fcb19d2be2a00d
-
SHA256
56080f5b7ddd174f678fc243fb389b93637e3f99ae8e20a164c3ca2f9158bb44
-
SHA512
65bc0e5406f056a303afa7b808a916d355d910a507248d40361e69438b55cb7fc769ce71194633fcba380c6956165a4f991c7c8290a27a48b98af5032273ab8c
-
SSDEEP
98304:h1a6mKwAF5UlV0Od/81tOgBa1UXVqwrywR5Kej90H0:h1gKwsOmjk+j9
Behavioral task
behavioral1
Sample
f7f9aa3bec4a730d22747f727e905079_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Detect Fabookie payload
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-