fabookie

General

Target

35794aedc3c64761d4e13da7f7513001bb12388542ee100c3eb9fe3dba84a484
Size

4.2MB
Sample

241108-aggmyatlcn
MD5

728a0af10ce0b0b2b3ca9219c2f5e82d
SHA1

d6bef079eb7dc53353fdcc95f013b1dabab6a445
SHA256

35794aedc3c64761d4e13da7f7513001bb12388542ee100c3eb9fe3dba84a484
SHA512

e0df0723eacbc9ba5aa14f8be3e89945f1519ea37570054e775d2aacd0d446a1ff86dea49182ebf149712d6ea7fc7d45ed0708bfb1e1c1821d1bc7497f939628
SSDEEP

98304:VbWcoAjSA5qkvj6x9xg/ZLN2KXmZSkOlyVgCJUX:VbWc5q1Ng/ZLNV2ZSkuRC4

Score

10^/10

Malware Config

Extracted

Family

nullmixer

C2

http://hsiens.xyz/

Extracted

Family

socelars

C2

http://www.iyiqian.com/

http://www.hbgents.top/

http://www.rsnzhy.com/

http://www.znsjis.top/

Extracted

Family

redline

Botnet

jamesoldd

C2

65.108.20.195:6774

Extracted

Family

redline

Botnet

ANI

C2

45.142.215.47:27643

Extracted

Family

gcleaner

C2

gcl-page.biz

194.145.227.161

Targets

- Target
  
  9265b09595c59007e116c60605c28bd616387cf0dff79c7db8c5880e23cfef8e.exe
- Size
  
  4.2MB
- MD5
  
  b938dc291cb3fb3c927a5e683e191633
- SHA1
  
  44c9f5abfbf5176ae16d68fbe48c5e079efc7547
- SHA256
  
  9265b09595c59007e116c60605c28bd616387cf0dff79c7db8c5880e23cfef8e
- SHA512
  
  1f14f73cf0312884ec69addfdeb798e0b5544cc4769a8db1bdf31ae7bc618c097419f46b35b58832c5b7a6ecfe709c279daaa91c88a9fb2d4948213ef1290293
- SSDEEP
  
  98304:xmCvLUBsgYn1HcgtJodtEz1eDX0q0zMYtLw6alsaJN0+S6ICa/50:xPLUCgYnig7odtEpeDkdMIjalsaHJS6B
Score

10^/10

fabookie gcleaner nullmixer onlylogger redline sectoprat socelars ani jamesoldd aspackv2 discovery dropper execution infostealer loader rat spyware stealer trojan
- Detect Fabookie payload
- Fabookie
  Fabookie is facebook account info stealer.
  spyware stealer fabookie
- Fabookie family
  fabookie
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- NullMixer
  NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
  dropper nullmixer
- Nullmixer family
  nullmixer
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Socelars
  Socelars is an infostealer targeting browser cookies and credit card credentials.
  stealer socelars
- Socelars family
  socelars
- Socelars payload
- OnlyLogger payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
- Suspicious use of SetThreadContext
behavioral1 behavioral2