General

  • Target

    d81801103db8099772e85deae68b43aaa7e894366ab55b819dc1f89d54e9823d

  • Size

    5.7MB

  • Sample

    241106-s364tsvpek

  • MD5

    7e7e4c62d44e8f8280474a1b852eef49

  • SHA1

    a9781422b5ff52ed54907821d506a70e650b1f72

  • SHA256

    d81801103db8099772e85deae68b43aaa7e894366ab55b819dc1f89d54e9823d

  • SHA512

    326d12f48aefbcff3e2ae2fbb3b6591e932e4650e8d20a0fe62dea49c1b5c529387b70b858e5c44d70ce96f28d52d07eea0f47a4d464a5b5b5845c95c3060443

  • SSDEEP

    98304:Xh9UDVemKJcHCMlHhXYMS0xFMrA5g7PUwnJMvgT25tYZ6R+dCTZIYP6+2pp:XTWVebJeCMZaMV0V7PUkJ25VR+dCTaYw

Malware Config

Extracted

Family

nullmixer

C2

http://razino.xyz/

Extracted

Family

redline

Botnet

Cana

C2

176.111.174.254:56328

Extracted

Family

redline

Botnet

Ani

C2

detuyaluro.xyz:80

Targets

    • Target

      main_setup_x86x64.exe

    • Size

      5.7MB

    • MD5

      d241c70e1db8676e48c9c02937b2a589

    • SHA1

      45f2b455c72040798fd92801e28dd5c154be8e8b

    • SHA256

      36a7bd10bbfbb3998773c4822e1813b4f4bfb33e65a008241c35116e19dae52c

    • SHA512

      5b376da38f0361a672ac3ac4c1fe0ec66ed3642fb591ade7fe4f400f7ad3c1affe440a4b243d036e4e58ed131df43376ff5e2b6c1b733a43cf4e68dd752f7072

    • SSDEEP

      98304:JEp59qaoFjCCtIJ89NG67vrPqTxSMcEeeZ6eDoPKXLcj:JEpKaoRw89kOrSTWLeDNXI

    • Detect Fabookie payload

    • Fabookie

      Fabookie is a Facebook account info stealer.

    • Fabookie family

    • Modifies Windows Defender Real-time Protection settings

    • NullMixer

      NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    • Nullmixer family

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Privateloader family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Detected Nirsoft tools

      Free utilities, often used by attackers, which can steal passwords, product keys, etc.

    • Vidar Stealer

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX or a modified UPX open-source packer.

    • Target

      setup_installer.exe

    • Size

      5.6MB

    • MD5

      0de8943eeed1e068cfb1f8174eb4777b

    • SHA1

      8c9616d1c945fbddfe2093f2bc50408f53e59c19

    • SHA256

      8869188aa10bb2230b54eeaf867d45700c10f5eb2d2cf20139187cac10372231

    • SHA512

      637a07bc552cd0b30b820c32c0ebdff3451b25b8b83bfd65d5e924f4b9ba20ca75af48d5dbe5f16344128dc915d5fd3efe010d0270baf98b044570624444cd1f

    • SSDEEP

      98304:xI9eBSJ4cb13SCpPnmb+IVmK8Cnc1436M8qj8skXg1IPL+29CvLUBsK80:xI9e5cb15tnmCIgKHnc16aq1Kg1IPLzd

    • Detect Fabookie payload

    • Fabookie

      Fabookie is a Facebook account info stealer.

    • Fabookie family

    • Modifies Windows Defender Real-time Protection settings

    • NullMixer

      NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    • Nullmixer family

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Privateloader family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Vidar family

    • Detected Nirsoft tools

      Free utilities, often used by attackers, which can steal passwords, product keys, etc.

    • Vidar Stealer

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX or a modified UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks