General

  • Target

    f403e5db7055c16c5608a7c5c5e8d72541f88a83720b84f6ee2a8ed7212f75a8

  • Size

    6.4MB

  • MD5

    1384f5282e8bb65c9a3e75b7d9fce5b0

  • SHA1

    16d60806f4c35b942db7e2b9ff0004d4771db020

  • SHA256

    f403e5db7055c16c5608a7c5c5e8d72541f88a83720b84f6ee2a8ed7212f75a8

  • SHA512

    2de310d6b17c0ac135d313d344678600ce3f6a7c0d5c30bf9c45548057ce1c22a656020b1d79267200dc39627ddd98aeeaec217084a8b3ef3db9b6a16cb468eb

  • SSDEEP

    196608:UghGNXvUq+4HXquT0/0Jw2kRw/2DHlGmC:9G1vUqXnIi/2JGmC

Malware Config

  • Extracted

    Family: privateloader

    C2:
    http://212.193.30.45/proxies.txt
    http://45.144.225.57/server.txt
    http://wfsdragon.ru/api/setStats.php
    2.56.59.42

  • Extracted

    Family: socelars

    C2:
    http://www.kvubgc.com/

  • Extracted

    Family: nullmixer

    C2:
    http://soniyamona.xyz/

Signatures

  • Detect Fabookie payload 1 IoCs
  • Fabookie family
  • Nullmixer family
  • Privateloader family
  • Socelars family
  • Socelars payload 1 IoCs
  • ASPack v2.12-2.42 3 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Unsigned PE 20 IoCs

    Checks for missing Authenticode signature.

Files

  • f403e5db7055c16c5608a7c5c5e8d72541f88a83720b84f6ee2a8ed7212f75a8
    .zip

    Password: infected

  • 7zS850A099E.zip
    .zip

  • 7zS850A099E/61e74fd2175cb_Tue23956aa60ed.exe
    .exe windows:4 windows x86 arch:x86

    45fe5822046ff7812ee6d75a954da51a

  • 7zS850A099E/61e74fd3252fe_Tue23df2ad021a.exe
    .exe windows:1 windows x86 arch:x86

  • 7zS850A099E/61e74fd41f841_Tue2365aa82b7.exe
    .exe windows:5 windows x86 arch:x86

    3ade983c905c6a7a383de9b58bbbf414

  • 7zS850A099E/61e74fd53f766_Tue23ec97445e.exe
    .exe windows:6 windows x86 arch:x86

    5f7ff46e2455151e54d09d2ee5a3df5a

  • 7zS850A099E/61e74fd78769f_Tue234b6c24d9a0.exe
    .exe windows:6 windows x86 arch:x86

    d69e4c13e25f0ad622344ac56118c0df

  • 7zS850A099E/61e74fd8ef830_Tue23593425095.exe
    .exe windows:5 windows x86 arch:x86

    fcf1390e9ce472c7270447fc5c61a0c1

  • 7zS850A099E/61e74fda51500_Tue23260baecb.exe
    .exe windows:5 windows x86 arch:x86

    3ade983c905c6a7a383de9b58bbbf414

  • 7zS850A099E/61e7501ab629f_Tue23c4645058.exe
    .exe windows:5 windows x86 arch:x86

    83f26d2c85df5b461fefefa1db9ec0a1

  • 7zS850A099E/61e7501b7eabe_Tue2344597f.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • 7zS850A099E/61e7501c830d6_Tue23bdf4712a32.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • 7zS850A099E/61e7501db65f3_Tue23c7b395c3.exe
    .exe windows:6 windows x64 arch:x64

    23e911f9a82ac0d345fa6cc9104b6bf4

  • 7zS850A099E/61e7502b8389b_Tue233252e9.exe
    .exe windows:5 windows x86 arch:x86

    83f26d2c85df5b461fefefa1db9ec0a1

  • 7zS850A099E/61e7502c4cff3_Tue232cba58c.exe
    .exe windows:4 windows x86 arch:x86

    ac78b5aff1d236e27676e7ea095afca9

  • 7zS850A099E/61e7502f007f3_Tue23d6fecf8c.exe
    .exe windows:6 windows x86 arch:x86

    b916c00d171a88669a6bbfecb4a2fab0

  • 7zS850A099E/libcurl.dll
    .dll windows:4 windows x86 arch:x86

  • 7zS850A099E/libcurlpp.dll
    .dll windows:4 windows x86 arch:x86

  • 7zS850A099E/libgcc_s_dw2-1.dll
    .dll windows:4 windows x86 arch:x86

    04f9a5136edc374e78bc81dc8b0d07af

  • 7zS850A099E/libstdc++-6.dll
    .dll windows:4 windows x86 arch:x86

  • 7zS850A099E/libwinpthread-1.dll
    .dll windows:4 windows x86 arch:x86

    fc24104becbbff1210c7fd71e49c8b5f

  • 7zS850A099E/setup_install.exe
    .exe windows:4 windows x86 arch:x86

    f9fc0ecba4bcf3f4eadacd9b358488bc