Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

• • Target

    544097d6d935fb1fa603b3028499e1923fa7fd5f01ca3f4e95fdcaf9a428fe5f.exe

  • Size

    3.5MB

  • MD5

    ccab788bf350cfdc5f84d4ffd9d986a6

  • SHA1

    bb6858e873b2463b225ca6031ceb6ae62bd20038

  • SHA256

    544097d6d935fb1fa603b3028499e1923fa7fd5f01ca3f4e95fdcaf9a428fe5f

  • SHA512

    9db67b771f5ce16a29ab7b827863891689ddfa1952d50621a6cad2e4a32adc5b05ebff70d03d5669ec1e96768f65881882b95cf7f14a0404accc01971ae83536

  • SSDEEP

    98304:JDgLBluDfg9t3hOpvKHXOhczp0fC6bSRcz:JDSHSg9t30pvQXkwiCjU

  Score

  10^/10

  fabookienullmixerprivateloaderredlinesectopratchrisfucker2media21aspackv2discoverydropperexecutioninfostealerloaderratspywarestealertrojangcleaneronlylogger

  • Detect Fabookie payload

  • Fabookie

    Fabookie is facebook account info stealer.

    spywarestealerfabookie

  • Fabookie family

    fabookie

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • NullMixer

    NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    droppernullmixer

  • Nullmixer family

    nullmixer

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger

  • Onlylogger family

    onlylogger

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader

  • Privateloader family

    privateloader

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • OnlyLogger payload

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2

• • Target

    setup_installer.exe

  • Size

    3.5MB

  • MD5

    fc3533e313c49ffe6437e82a2c619d7e

  • SHA1

    1778cc5277b8b7691fee1a70f3202fdc12c9f233

  • SHA256

    87b0c1c46b84d57c0255929e6599bf70bcd76d9d9db47d70c65b764c7f4c90b7

  • SHA512

    06f51c5972dae3775fac8aa3e0af0ecc87702c620fb82baafc287189e671a3f35d59f4c2dde6332394324b43db1afe57915ccd06037a5bb511ce8db0b3bcfa98

  • SSDEEP

    98304:xoCvLUBsgYoi8MssUe5imt854EMhM7DLPwQLF:x1LUCg3tMssVFtY4E3HbwsF

  Score

  10^/10

  fabookiegcleanernullmixeronlyloggerprivateloaderredlinesectopratchrisfucker2media21aspackv2discoverydropperexecutioninfostealerloaderratspywarestealertrojan

  • Detect Fabookie payload

  • Fabookie

    Fabookie is facebook account info stealer.

    spywarestealerfabookie

  • Fabookie family

    fabookie

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • NullMixer

    NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    droppernullmixer

  • Nullmixer family

    nullmixer

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger

  • Onlylogger family

    onlylogger

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader

  • Privateloader family

    privateloader

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • OnlyLogger payload

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Blocklisted process makes network request

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral3behavioral4