6b375c48ad15457b59515cb32a1654772fb18d7f1f5b2921c359975150bd89ef

Sharing

Copy URL

Twitter E-mail

General

Target

Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne.zip
Size

528KB
Sample

250116-xe2xestmf1
MD5

fd393da6ef1eda107461de3d083e0672
SHA1

258ff54463920e639223c40e542253e6e34d53f5
SHA256

6b375c48ad15457b59515cb32a1654772fb18d7f1f5b2921c359975150bd89ef
SHA512

86e082b76f9f9d99a623eefe2b374109728e418f769aa5a49c62c5afb4e43c175229cd809ec2b6c49079fd9556dfcfd756702a3bd59f9d311caeaa61b07ea350
SSDEEP

12288:PQINU1clpaQP2w6sJKW/vrsbd6t1Do7UB6i9w9ZSNQaSRC0MsoJo8DMNZvTU//:YkU1clpaQP2w6sJKW/vrsbd6tJo7zizt

Score

8^/10

Malware Config

Targets

- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne.zip
- Size
  
  528KB
- MD5
  
  fd393da6ef1eda107461de3d083e0672
- SHA1
  
  258ff54463920e639223c40e542253e6e34d53f5
- SHA256
  
  6b375c48ad15457b59515cb32a1654772fb18d7f1f5b2921c359975150bd89ef
- SHA512
  
  86e082b76f9f9d99a623eefe2b374109728e418f769aa5a49c62c5afb4e43c175229cd809ec2b6c49079fd9556dfcfd756702a3bd59f9d311caeaa61b07ea350
- SSDEEP
  
  12288:PQINU1clpaQP2w6sJKW/vrsbd6t1Do7UB6i9w9ZSNQaSRC0MsoJo8DMNZvTU//:YkU1clpaQP2w6sJKW/vrsbd6tJo7zizt
Score

8^/10

microsoft defense_evasion discovery execution persistence phishing
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Detected potential entity reuse from brand MICROSOFT.
  phishing microsoft
behavioral1
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/Fableborne-App/Properties/Resources.Designer.cs
- Size
  
  2KB
- MD5
  
  6035dc423584cf3fe992cf05316bec93
- SHA1
  
  77b72bcea937f7d531fb5d7c3e702eec50eb92f2
- SHA256
  
  3602e4080b9c56501ae359022a5be90d9c7361b232e8791898106d7eeec98ad0
- SHA512
  
  4c60bffb5f1f7c5e80f5b5fca02d2998d09a8f36108a6b88ba80c15f15add80b2f433b08a569c2e657c84a779b6e0b31222a31ce4520ddfac9b436f44ee7495b
Score

1^/10
behavioral2
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/Fableborne-App/Properties/Resources.resx
- Size
  
  5KB
- MD5
  
  c07716633f086d91759ae32a18996a1a
- SHA1
  
  bf3383c20acf6e64ce49f120938456161e5f6cb9
- SHA256
  
  4e124f5a7694ffe813c60601b1b73c53e47536b1f1c0e798d4d55bfc2ca3774f
- SHA512
  
  c6ad0ec603ff69d2d1b787db9426f29d44ea1ba45cf1d2b7ec41cc2bd6d5c93af8d2299139cc1c5d10d56718f36daa37d544f8d5411fad91a72efc2e70454cdf
- SSDEEP
  
  96:ECf+lbD5X5LPXCazYV5Lv6K6uOidfaxwsxuUPFE3qxdRMvDTursrbLAy202W:Zf+tLPfYnLvFVOiFQaUR6
Score

1^/10
behavioral3
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/Fableborne-Counter/EnergyCounter.cs
- Size
  
  4KB
- MD5
  
  d3792faca342256b1622ee171638e082
- SHA1
  
  bf9d181f3574cc2b73ecd28d6f8dbd6cbe06a297
- SHA256
  
  2f3156a7bf4198433969eac2c505fa37549ca218190eec4843af0c6a632e831a
- SHA512
  
  1d773cccfb2207516fce3c0c76affd759312695ff9cd7153a437aebb0219508854aebdc52b9a9af9291f1377e1f9b0822ed14e9f14be719ca6a4a53099526700
- SSDEEP
  
  96:Jj4Y4GXzv26KV7Bu9+wI1EUQb7tOhdrVwY356UM1BJma6SddL:ij2+PQ9+wIGUQbxOhdrVwY356UMjJmad
Score

3^/10

execution
behavioral4
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/Fableborne-Counter/EnergyHelper.cs
- Size
  
  3KB
- MD5
  
  c59eed207291ac5bfae9fcfbe24f067f
- SHA1
  
  369797d6a6e35bdf9e914a054806fbbd5cd7c332
- SHA256
  
  09f5e0a481ac24261b5161a1bdd96c634ccf447ada45fd741c957277f7702315
- SHA512
  
  3e6ffd0e2253813f17b25f3a923ab4d5c762d48df062064068e69b1c5145e1b491e33d69bf1a31a8b4b1cd3874dffb955a9c5f8a3438d3d679a3b13ca737bcd5
Score

3^/10

execution
behavioral5
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/Fableborne-Counter/HotKeyService.cs
- Size
  
  1KB
- MD5
  
  4c1143f3b6489501ad554bc862ae9707
- SHA1
  
  ed20facd3ec69d69f4b8f4db99d8f5b3afb54662
- SHA256
  
  8071ed62c72cffa47b2ba6919c2fc9dcb4f31244d3c6712106d5d53c0c23d67e
- SHA512
  
  ad51a760e138bd620d07b633141e88095805e929e220db38a2ba62bad93603d9b4a6fd9395d2b18d79c2d9391b34b00a7868d830d0e9bc2cb2ab864c6a8bf9aa
Score

3^/10

execution
behavioral6
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/Fableborne-Counter/HotKeySettings.cs
- Size
  
  8KB
- MD5
  
  cbbaed8e87fe2dc041ac3256cdcfaa5f
- SHA1
  
  2ffb527c47581d214fd56a485e09ed038639f090
- SHA256
  
  9caf06527fc7848fada72f5304ad2b6589a0f121330aa911e21ede4e64f9c256
- SHA512
  
  4233f3cf4946acd3356af32b101e0026de8657fc2e5a0d15c6e37bfad811835d291b97c1543279b432f5102db268b8eccf1ec216fd67b3506b43566797d88bb5
- SSDEEP
  
  192:yj2+5NjCRENmzojzoRzoMwzo1zo6wzo6XxQDEHtKC6uioxyZV6uWoxyzb6IPoxyL:yj2cSdkyrXDGhzXP4W0GVXp
Score

3^/10

execution
behavioral7
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/Fableborne-Counter/Properties/Resources.Designer.cs
- Size
  
  8KB
- MD5
  
  8a00970e055c97e3d2e1d1dd1939240b
- SHA1
  
  f5eba46b02ca47d4b99ac812a7c7e7fbe15ecc6d
- SHA256
  
  681eefedfbe558801869f10f276cb355335eac4e526bb5201fa7d0946455e219
- SHA512
  
  32da291ee2c7725f961dd8a5e04bc2c76ddd31cf97b1626dc36be60574ac93c57577ceb103fd14f45a4b620267238c91573f7ca88808d54dddaf3ed05632a10c
- SSDEEP
  
  192:agqwsxZ1iPy5U1dotyCWazayCWSzayCWKzayCWazayCWGzayCWMzayCWyzayCWKF:agqx1a1YWaSWSSWKSWaSWGSWMSWySWKF
Score

1^/10
behavioral8
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/Fableborne-Counter/Properties/Resources.resx
- Size
  
  9KB
- MD5
  
  c693350c0b5f204d65dd5f6311296323
- SHA1
  
  b05cc7cff1060d8ddc08130d5411eb4f2afae012
- SHA256
  
  7bead364272eaaf828c76311bc1dc94c406d01ab98ca532bdd962d0ae6fcc912
- SHA512
  
  4f5859f057363b851d1e56631a0b8d3645b960b02d270a84a71ce57c9e90387c2b4e3e78123075172548f96918b6739608e395c12f7aa91457ca273c75bb3530
- SSDEEP
  
  192:Zf+tLPfYnLvFVOiFQaUD7UgX/okw9wcokw9djokw9+eokw9eOokw9YEokw9Saokf:Zf+tLPQnLvDOiFQXD7Ugvokw9xokw9V3
Score

1^/10
behavioral9
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/MVVM/NosTaleWindow.cs
- Size
  
  3KB
- MD5
  
  dab0e26544cb103bd5d1b0500a0b2631
- SHA1
  
  096f152dd41b3af7bda899db81e55ef5f2a1c2be
- SHA256
  
  64fb20aef65b2454488d3ebc8df68ba360dfbbb7eec681d8fd32ad55339940bf
- SHA512
  
  a945b5cd49c57bc87f7fad015894a7a79e9f99eae061aba410a3d6a270b779c5b7c7ab42e0332f7875723353ecb1df1a7fceb45c46cb2eb5c4c94d8e91eb3568
Score

3^/10

execution
behavioral10
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/MVVM/ViewModel.cs
- Size
  
  4KB
- MD5
  
  b536874b01759a89152dff75dee470a1
- SHA1
  
  37a2ceaff49d1ad52cf80415eee4abdeba5fb4b3
- SHA256
  
  4b834151d494753d66cd8e3d9dc77b97f8055eb4305a84c6a33f26e277c5f3ad
- SHA512
  
  9ebfac7a5f683a4717d1a3ca435c12c58d00aa3cc08a77d9f59fa97fe97a4e7b26463afc6f36d80001dd06b2a4e08b19fb6a134c0e5974a6aeb6f01c227829b0
- SSDEEP
  
  96:Jj4Y4iA4G4s26+KgINLiZoLImyUrlzftCUWwtUWEGti8kB0Szl8oL2qlLvCcETu:ijkRh/MiZ4ImyUp7t5VtxHti8XSJ76q/
Score

3^/10

execution
behavioral11
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/MVVM/install_ubuntu.sh
- Size
  
  902B
- MD5
  
  09f338a06bb9c3ec60cf56ba4dcfc162
- SHA1
  
  7de04dd2964276ab0e1fe43f1fab28d0535dcdcd
- SHA256
  
  cbbc9ab4a7333607eea41bd4e7d095aaaaadc05d487b206891b889ca395ad774
- SHA512
  
  a280fccf05d91680bae8bf3ab800448ef9385caf2d8650d310e55498c1545756cc7f542fa12605dfe831c7d39cf299ba4f82851aafed7b61c34cb829d09f891f
Score

3^/10
behavioral12
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/MVVM/pyaxie-bot.py
- Size
  
  38KB
- MD5
  
  4004cc62f8073a5a48fdde33567a3e9f
- SHA1
  
  d7410b3cf128ae4b4201de8e541a1964397b33c8
- SHA256
  
  53dac2dbe07c23821af75a683476bb5be798611313aeb12281e71bf667aeb4d5
- SHA512
  
  d925ed585bfcddb02f49379a414d1516febad068984378e091693ccf9c1ae7f59aa944ca8ee8b7e7e1735a62b8f68a12084d83d78efd3d478a5071920c362944
- SSDEEP
  
  768:t5Lwxz+nTEAGHTep/G3t3CkbR/y3/VyNkNNCHCit5vrF:t5nEe/G3t3CkbR/y3/VyNkNNCHCit5vB
Score

3^/10
behavioral13
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/MVVM/pyaxie.py
- Size
  
  40KB
- MD5
  
  206628972407405f3c8e1e9e672be8dd
- SHA1
  
  4500ada0a8d9532b21f6c77c84cda1f3a575341f
- SHA256
  
  320f7e662f44b40a6646219e3eaab95a43b1766b8e32982c2526dc31836923bd
- SHA512
  
  db4929a5eb133c5080fbfe04cd3287d4a88cc4ac2db5b738fce2aeb9c3d656927601cf3a617db1831a2e8b939b3aac4561cbc6d2704f363562af722b5315a7f9
- SSDEEP
  
  384:/1EfolBSHtiIXLv4M3maJpBpX8V/jSrOiHggI2YXixEPUleMt2xK:t2oeHtiIXLvppBpXE/jSKiHggI2hEcf
Score

3^/10
behavioral14
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/MVVM/pyaxie_utils.py
- Size
  
  1KB
- MD5
  
  fb78c605372d8cf524cb6e5e3083e379
- SHA1
  
  35a0303eb25566058fa4aeb11f0eaa64fc4ed386
- SHA256
  
  33ae660ddf55df5c29081e2a404b53e8917767595333f9484104889abfb4a9a5
- SHA512
  
  174c44677e5886fb7e6542e88e19ba57735ef83a0b8da63e833d0c0c960c3654fff53d77c92e0ad2826209b8758d60975d6976cde8acff534458bb0fc30eb8a2
Score

3^/10
behavioral15
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/MiniGames/Fishpond.cs
- Size
  
  24KB
- MD5
  
  9f398db8ce3a130ccdbcbbb39aff56a0
- SHA1
  
  663c6c53f476e020a7c2bcb1a5cba473e86054b0
- SHA256
  
  bbaa68b8abb927cbdf95931ec330abee8d99977af419010904f6e608cfb0f397
- SHA512
  
  771477c369e3d2915509b01842747f445078f4770acdee38075e0223f87ca4fce476e3eea9e4d3cc55047cf5159fcbd6ca8ca657b0dc2d33ff62167e364003d3
- SSDEEP
  
  768:chF2Qc/oU4baWSX1+NRGzEcYK+LN1x13SdVFlPCThQpDJZOb3YELn:chF2Qc/oFbaYNRGzEcYK+LN1x1CdVFlM
Score

3^/10

execution
behavioral16
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/MiniGames/Sawmill.cs
- Size
  
  13KB
- MD5
  
  fd5b1805255f173b876e8673bef09ed6
- SHA1
  
  009ef449847102b36458b0cc2eb134429c28f606
- SHA256
  
  063b34dcfe41a5ed24535f30ad6924f9a8ff1aa2ae827b09f2f47691dd7f0ca5
- SHA512
  
  b8548d93c45b3c95a7b5993c54696417374b8e57f4209940e03664201658e71b9e724b618c366ac0ba70cac17d7f6d5b90d6c05930257e2486d846ed8b16c24f
- SSDEEP
  
  384:xRs0hF2Qc/6J4baGaxVEW+SN1x13SVlXCThQDDJZO73Of+:cgF2Qc/G4baDVEW+SN1x13SVlXCThQDQ
Score

3^/10

execution
behavioral17
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/Properties/Resources.Designer.cs
- Size
  
  2KB
- MD5
  
  496815798d4bb3576c167bedf011e6cf
- SHA1
  
  aeb289c83433dce69c76c905afefebf275103ab4
- SHA256
  
  6c2b33ebc56eecc3670aba1046c5fc2e8d9c39ee082e8838406ac3205c1a1824
- SHA512
  
  5891ffbb893e8f0b54002d2686b298d0d325eea3616e7f8c84cd2c611bb49eb991bb736332f620458d592d106346e1a4579dd6fe4ab963dabab33552539ba534
Score

1^/10
behavioral18
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/Properties/Resources.resx
- Size
  
  5KB
- MD5
  
  c07716633f086d91759ae32a18996a1a
- SHA1
  
  bf3383c20acf6e64ce49f120938456161e5f6cb9
- SHA256
  
  4e124f5a7694ffe813c60601b1b73c53e47536b1f1c0e798d4d55bfc2ca3774f
- SHA512
  
  c6ad0ec603ff69d2d1b787db9426f29d44ea1ba45cf1d2b7ec41cc2bd6d5c93af8d2299139cc1c5d10d56718f36daa37d544f8d5411fad91a72efc2e70454cdf
- SSDEEP
  
  96:ECf+lbD5X5LPXCazYV5Lv6K6uOidfaxwsxuUPFE3qxdRMvDTursrbLAy202W:Zf+tLPfYnLvFVOiFQaUR6
Score

1^/10
behavioral19
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/Utils/Images.cs
- Size
  
  3KB
- MD5
  
  f2a2d016357d9bc8805f58a746a1fdad
- SHA1
  
  6b20f291aab1bccd134ed4c80cbb2e52844cf940
- SHA256
  
  12f1cf0a27268b389cc093800d4860d649b5c78f80c446dfea8d7cfb553ce70f
- SHA512
  
  ba352f30be0419f4c30589953fffa79fdfe4ccee6aed2b3f67e69101c50771459f415d21ec6928f84a1d9e4935f0ab8bc6cee081443566deb7422a79ff5045fa
Score

3^/10

execution
behavioral20
- Target
  
  Fableborne-Crypto-Bot-Crypto-Game-Auto-Farm-Clicker-Cheat-Token-Hack-Api-fableborne/Fableborne-AutoPlay/Utils/ReadPoints.cs
- Size
  
  1KB
- MD5
  
  f395be038325fe7326b7836d305efae9
- SHA1
  
  4ca7935bf83d7e095e99e8f0b33cad48b9e68042
- SHA256
  
  c3dc5d7d542642d85fa83a7f532f06d869f0aba1ab741e3ae0b604cbdcd29697
- SHA512
  
  21b86327f95477e07e404b0bbaa31f4cac47158f552c4d1612ee4c0bf2e2c61ebd7de8793b755c70fffb4de8cb38b08bc8ef004154e9cd4ed87480cd705e5ed8
Score

3^/10

execution
behavioral21