Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

• • Target

    JaffaCakes118_8d56d00ad730a23120a212117c8b51c6

  • Size

    3.5MB

  • MD5

    8d56d00ad730a23120a212117c8b51c6

  • SHA1

    a81a3742c0958a058228dfb7255d55bde70e9a52

  • SHA256

    5d86482c0ce206a289fe78c9e455c4fbab8a1268feb24a40812f972a4b988dfc

  • SHA512

    63020442ad9fb0ab1f96981c845759382939e5fb61a56456b8f2460d61bdface11e5b163d24a3e87d44fa4005dc0e335217f7e7459bffe3af1ac27bc51c12629

  • SSDEEP

    98304:JDgLBluDfg9t3hOpvKHXOhczp0fC6bSRcJ:JDSHSg9t30pvQXkwiCjs

  Score

  10^/10

  fabookienullmixerprivateloaderredlinesectopratchrisfucker2media21aspackv2discoverydropperexecutioninfostealerloaderratspywarestealertrojangcleaneronlylogger

  • Detect Fabookie payload

  • Fabookie

    Fabookie is facebook account info stealer.

    spywarestealerfabookie

  • Fabookie family

    fabookie

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • NullMixer

    NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    droppernullmixer

  • Nullmixer family

    nullmixer

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger

  • Onlylogger family

    onlylogger

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader

  • Privateloader family

    privateloader

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • OnlyLogger payload

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Blocklisted process makes network request

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2

• • Target

    setup_installer.exe

  • Size

    3.5MB

  • MD5

    fc3533e313c49ffe6437e82a2c619d7e

  • SHA1

    1778cc5277b8b7691fee1a70f3202fdc12c9f233

  • SHA256

    87b0c1c46b84d57c0255929e6599bf70bcd76d9d9db47d70c65b764c7f4c90b7

  • SHA512

    06f51c5972dae3775fac8aa3e0af0ecc87702c620fb82baafc287189e671a3f35d59f4c2dde6332394324b43db1afe57915ccd06037a5bb511ce8db0b3bcfa98

  • SSDEEP

    98304:xoCvLUBsgYoi8MssUe5imt854EMhM7DLPwQLF:x1LUCg3tMssVFtY4E3HbwsF

  Score

  10^/10

  fabookienullmixerprivateloaderredlinesectopratchrisfucker2media21aspackv2discoverydropperexecutioninfostealerloaderratspywarestealertrojangcleaneronlylogger

  • Detect Fabookie payload

  • Fabookie

    Fabookie is facebook account info stealer.

    spywarestealerfabookie

  • Fabookie family

    fabookie

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • NullMixer

    NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    droppernullmixer

  • Nullmixer family

    nullmixer

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger

  • Onlylogger family

    onlylogger

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader

  • Privateloader family

    privateloader

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • OnlyLogger payload

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Blocklisted process makes network request

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral3behavioral4