fabookie | 58d351c4724c28b369df9524058ae8b67ae110fd880e6d6ede9d78f9eaa47b73 | Triage

Submit
Reports

Overview

overview

Static

static

3

sample.exe

windows10-2004-x64

Resubmissions

08-12-2024 23:53

241208-3xp88swmes 10

19-07-2023 10:01

230719-l2n4asdb6y 10

Sharing

General

Target

0017a2f18f49ca0a4cc0a1f6a524faa5658ae033eda508906b626329c232fba5.bin.sample.gz
Size

19.0MB
Sample

230719-l2n4asdb6y
MD5

6ff960b01aff126bd4941ff77f50d450
SHA1

60e310d40576ba293826f4c32497481d9d0d9917
SHA256

58d351c4724c28b369df9524058ae8b67ae110fd880e6d6ede9d78f9eaa47b73
SHA512

4724370db46ebfb6a78583bf81464d8bf87541ecda5d5ca4dbf943771e2ce165299250fa4a1353927cbebfc19d9a564550d00d1fdcb8b7f90ba7b044b087b37f
SSDEEP

393216:srFkLwpwbxtKGnyh+tdtG5JC0vSnTJ7tg1Kjkgj1u9GoFsj9ME:iklxIyyhudt88CQBJIgQW9ME

Score

10^/10

fabookie discovery evasion spyware stealer vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

sample.exe

Resource

win10v2004-20230703-en

fabookie discovery evasion spyware stealer vmprotect

windows10-2004-x64

22 signatures

1200 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  19.1MB
- MD5
  
  8ebac20b51430b0cc35cef0bb4343524
- SHA1
  
  d73890138f1bac7f87cbb0137a86b000ca1dfdc8
- SHA256
  
  0017a2f18f49ca0a4cc0a1f6a524faa5658ae033eda508906b626329c232fba5
- SHA512
  
  0db3f4eb3df46f9811793edd29388fe7c9a36c3c9f94f4f16caaaa70d0a28aa4e8a38ccc96fd57270dab9d23b0313f85aab0808e81c660512bc8abc7d2f90674
- SSDEEP
  
  393216:obnSY7czVZQ+jQ3o3xrcJpuEJsVLDV3EJCP2qzFMlSQbY3hyt:GOVSiQ30xrUQkoFz+qaghyt
Score

10^/10

fabookie discovery evasion spyware stealer vmprotect
- Detect Fabookie payload
- Fabookie
  Fabookie is facebook account info stealer.
  spyware stealer fabookie
- Downloads MZ/PE file
- Drops file in Drivers directory
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fabookiediscoveryevasionspywarestealervmprotect

© 2018-2024

Terms | Privacy