General

  • Target

    JaffaCakes118_8d19675c89beeaffd944395fc470f0281758c9fbda6dc37749f8cb3439037947

  • Size

    8.3MB

  • Sample

    241228-2lj3eatmew

  • MD5

    9b6fe5b3eb2bb96159056ec0ebbd7608

  • SHA1

    a4baae622033a7b6b0dc8cc84ddd5297f5808d59

  • SHA256

    8d19675c89beeaffd944395fc470f0281758c9fbda6dc37749f8cb3439037947

  • SHA512

    29aaea62f8f5e690663515029fd5deda3d3929dfc9631d8263fbb8574914e2f3dda8c71f154c4067b6501445ca1a25759178d18b37f6eab53c1b957ca05be4e8

  • SSDEEP

    196608:+BUEONt6gJRCrg4AOPTt4y/bvB6HvzzD8U1oUpRuhK36et:LtxRCrkT71Yvk

Malware Config

Extracted

Family

socelars

C2

https://sa-us-bucket.s3.us-east-2.amazonaws.com/ujfreids61/

Targets

    • Target

      cf32a7fab4126b3fa275f8b7e714dcdbe4ab261514d103b1bf8001aa6a065732

    • Size

      9.3MB

    • MD5

      815823e16ee4a96284e4a57c7f8ee452

    • SHA1

      7cfd6b8f86ad0b3c6856382ed193d9861851f73f

    • SHA256

      cf32a7fab4126b3fa275f8b7e714dcdbe4ab261514d103b1bf8001aa6a065732

    • SHA512

      31a406964d2128d6a9136551b5858fc132582c829128905f8fdaab2455cdf129f3e5f394a22450482e89475c3989ba6e6e95932079fef11aa150580a2bc0f63b

    • SSDEEP

      196608:3BicJE0V9zGC1A0efyvd7v54Kc1yANL4oVEWkDlLxlJ:3HJE0eC1A0egQ4AV49DD97

    • Detect Fabookie payload

    • Fabookie

      Fabookie is a Facebook account information stealer.

    • Fabookie family

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Socelars family

    • Socelars payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and cookies.

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
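
    As an added example, not part of the sandbox report, the following Python script turns the indicators above into two responder checks: it hashes a file and compares all four digests against the dropper and payload hashes listed, and it scans proxy log lines for the extracted S3 C2 prefix followed by an external IP lookup from the same client. The proxy log format, the sample log lines and the list of IP lookup hostnames are assumptions; the report names neither the log source nor the lookup service used.

```python
"""IOC matching for the Socelars/Fabookie sample described in the report above.

Check 1: hash a file and compare it with the MD5/SHA1/SHA256/SHA512 values listed.
Check 2: scan proxy log lines for the extracted C2 prefix and for the
         "external IP lookup shortly after C2 contact" sequence.
"""
import hashlib
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Hashes copied from the report: dropper (8.3MB) and dropped payload (9.3MB).
KNOWN_HASHES = {
    "md5": {"9b6fe5b3eb2bb96159056ec0ebbd7608", "815823e16ee4a96284e4a57c7f8ee452"},
    "sha1": {"a4baae622033a7b6b0dc8cc84ddd5297f5808d59",
             "7cfd6b8f86ad0b3c6856382ed193d9861851f73f"},
    "sha256": {"8d19675c89beeaffd944395fc470f0281758c9fbda6dc37749f8cb3439037947",
               "cf32a7fab4126b3fa275f8b7e714dcdbe4ab261514d103b1bf8001aa6a065732"},
    "sha512": {"29aaea62f8f5e690663515029fd5deda3d3929dfc9631d8263fbb8574914e2f3dda8c71f154c4067b6501445ca1a25759178d18b37f6eab53c1b957ca05be4e8",
               "31a406964d2128d6a9136551b5858fc132582c829128905f8fdaab2455cdf129f3e5f394a22450482e89475c3989ba6e6e95932079fef11aa150580a2bc0f63b"},
}

# C2 extracted by the sandbox (an abused public S3 bucket).
C2_PREFIX = "https://sa-us-bucket.s3.us-east-2.amazonaws.com/ujfreids61/"

# Assumption: the report does not name the IP lookup service. These are
# commonly abused ones; tune the set to what your environment sees.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me", "ip-api.com"}


def hash_bytes(data: bytes) -> dict:
    """All four digests the report lists, as lower-case hex."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def match_known_hashes(digests: dict) -> list:
    """Names of the algorithms whose digest equals one of the report hashes."""
    return sorted(algo for algo, hexval in digests.items()
                  if hexval.lower() in KNOWN_HASHES.get(algo, set()))


# Assumed proxy log format: "<timestamp> <client_ip> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$")


def parse_proxy_line(line: str):
    """Return the fields of one log line, or None for lines that do not fit the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def scan_proxy_log(lines) -> dict:
    """Return {client_ip: [alert, ...]} for clients that fetched from the C2
    prefix, plus any external IP lookup the same client made afterwards."""
    alerts = defaultdict(list)
    contacted_c2 = set()
    for line in lines:
        ev = parse_proxy_line(line)
        if ev is None:
            continue
        host = (urlsplit(ev["url"]).hostname or "").lower()
        if ev["url"].startswith(C2_PREFIX):
            contacted_c2.add(ev["src"])
            alerts[ev["src"]].append(f"{ev['ts']} known Socelars C2 URL {ev['url']}")
        elif host in IP_LOOKUP_HOSTS and ev["src"] in contacted_c2:
            # An IP lookup on its own is too noisy to alert on; after a C2 hit
            # from the same client it corroborates the infection.
            alerts[ev["src"]].append(f"{ev['ts']} external IP lookup via {host} after C2 contact")
    return dict(alerts)


# Constructed sample log; not taken from the sandbox run.
SAMPLE_LOG = [
    "2024-12-28T10:00:01Z 10.0.0.5 GET https://sa-us-bucket.s3.us-east-2.amazonaws.com/ujfreids61/cfg.txt 200",
    "2024-12-28T10:00:03Z 10.0.0.5 GET https://api.ipify.org/?format=json 200",
    "2024-12-28T10:00:04Z 10.0.0.9 GET https://api.ipify.org/ 200",
    "2024-12-28T10:00:05Z 10.0.0.9 GET https://example.com/ 200",
    "malformed line",
]

if __name__ == "__main__":
    for client, found in scan_proxy_log(SAMPLE_LOG).items():
        for alert in found:
            print(client, alert)
    print("hash matches for a benign blob:", match_known_hashes(hash_bytes(b"constructed benign content")))
```

    Only 10.0.0.5 is reported: 10.0.0.9 also queries an IP lookup service but never touched the C2 prefix, so it is not flagged, which is the intended trade-off given how common such lookups are in normal traffic. The hash check is exact-match only; the SSDEEP values from the report would need a fuzzy-hash library and are not reproduced here.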

MITRE ATT&CK Enterprise v15

Tasks