Extracted

Extracted

• • Target

    setup_x86_x64_install.exe.bin

  • Size

    3.8MB

  • MD5

    f8e67dea6c5f615bf26f4f81a74e61b1

  • SHA1

    12f971977bfdcc530008ceb9d62cde2402101094

  • SHA256

    f293d2c8a9024e2f3ad715b4bf4918b036b9d1955bf984024e8b3511369bb713

  • SHA512

    03066d8ce13032604cd2c6ace2cc61091d52d46bb4d260c6182869f5d9069b37bf9b750949671967a37caf3fd114be3a4d060759271e0d4fa5c2e8220e1d19c3

  • SSDEEP

    98304:yDyC6Q7U+6IJlSECKL6JqAdif5anU1i3cb+lilFvtCo:ymMz6wzMqAdEGUlj

  Score

  10^/10

  fabookienullmixerprivateloadervidaraspackv2discoverydropperexecutionloaderspywarestealer

  • Detect Fabookie payload

  • Fabookie

    Fabookie is facebook account info stealer.

    spywarestealerfabookie

  • Fabookie family

    fabookie

  • NullMixer

    NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    droppernullmixer

  • Nullmixer family

    nullmixer

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader

  • Privateloader family

    privateloader

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Vidar family

    vidar

  • Vidar Stealer

    stealer

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1