General

  • Target

    setup_x86_x64_install.exe

  • Size

    14.1MB

  • Sample

    250513-xhgewsfn4y

  • MD5

    7a2b26874e40723a29e02f8b2dbb7a34

  • SHA1

    87b1387fd41e754eda2f80ff89b4fd3f9186c2af

  • SHA256

    f4c48dbf2776baa8a657d47b7040b5369123661cafd2900fe2a3ac003ce6114b

  • SHA512

    26309bd543b40245108247b57dabf6e6f5d2f8b0ad0c5501728f00be91badd283137d886581be81c7011f3a174e21e7a4e546d544feec1dfbfb93be2a23aa7c9

  • SSDEEP

    196608:JHMrpvlT7mifsltrFxbATImprHSdDLf9LviuMMidS6cvhj2ugTezcyEtYlEhK:JQlvqpxMTImKFiO43QSuMeMYln

Malware Config

Extracted

Family

socelars

C2

http://www.wgqpw.com/

Targets

    • Detect Fabookie payload

    • Fabookie

      Fabookie is a Facebook account information stealer.

    • Fabookie family

    • NullMixer

      NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    • Nullmixer family

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Socelars family

    • Socelars payload

    • Detected Nirsoft tools

      Free utilities often used by attackers that can steal passwords, product keys, etc.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v16

Tasks
