General
-
Target
ba3ceef43bab8a213cc9f5db86925266_JaffaCakes118
-
Size
4.1MB
-
Sample
240618-ajldxatfqr
-
MD5
ba3ceef43bab8a213cc9f5db86925266
-
SHA1
8e9647b2cf5bb3319e53243dbbdafa5acc5b9c6d
-
SHA256
1fac2d89900d8049ceaa38e3d87e185024b902f50f92a993c4290cf4ac2c6360
-
SHA512
b1cc4bf3fc820ad242e63187bf00638ae82723c1e8251c5f204b021441a21bb2162b5cdf17efffdf1111425090be5b13ff7360b2d88938bb9402fd533cf030ec
-
SSDEEP
98304:SQ06XSWWAa5ghU4PYenNlMSGpOAgwpAdnaHDd1sQOghy:hh9a5aJYwlJGse6o/y
Malware Config
Targets
-
-
Target
ba3ceef43bab8a213cc9f5db86925266_JaffaCakes118
-
Size
4.1MB
-
MD5
ba3ceef43bab8a213cc9f5db86925266
-
SHA1
8e9647b2cf5bb3319e53243dbbdafa5acc5b9c6d
-
SHA256
1fac2d89900d8049ceaa38e3d87e185024b902f50f92a993c4290cf4ac2c6360
-
SHA512
b1cc4bf3fc820ad242e63187bf00638ae82723c1e8251c5f204b021441a21bb2162b5cdf17efffdf1111425090be5b13ff7360b2d88938bb9402fd533cf030ec
-
SSDEEP
98304:SQ06XSWWAa5ghU4PYenNlMSGpOAgwpAdnaHDd1sQOghy:hh9a5aJYwlJGse6o/y
Score10/10-
Detect Fabookie payload
-
Fabookie
Fabookie is facebook account info stealer.
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-