Extracted

Extracted

• • Target

    06b5e8e5108f700f733f029529489055_JaffaCakes118

  • Size

    3.4MB

  • MD5

    06b5e8e5108f700f733f029529489055

  • SHA1

    b36f6095b70c58a7f269e4561056b85a564dd3d1

  • SHA256

    b255f6b269f178c5f63162e16c830cfc772e80ad18b50b62dbe7c5da156b3980

  • SHA512

    06f72e584d6c76ca939dd27dfcda66a01914129cfa8bc86ab36ab72f836523294f0b30b8d64a8016d25e52b5393d80a4dc77eacbe662ab65d21851809730001a

  • SSDEEP

    98304:x018QQd1K6KU/ctlh1OEFVPSTCvLUBsKa3:xk8QQfK6ZYlh1XVPTLUCKC

  Score

  10^/10

  fabookienullmixervidar706aspackv2discoverydropperevasionspywarestealertrojanupx

  • Detect Fabookie payload

  • Fabookie

    Fabookie is facebook account info stealer.

    spywarestealerfabookie

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • NullMixer

    NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    droppernullmixer

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Detected Nirsoft tools

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • Vidar Stealer

    stealer

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2