fabookie

General

Target

3eeb47199704221e7f396fa505af2b09c17daf7d034295a3b8c9777c2ac70f01
Size

261KB
Sample

230917-2rp6lsfe83
MD5

1da58894b51a9e4cb51d346868a821d5
SHA1

c9cfce9fc48ee7c252299475bb6bd940423181d1
SHA256

3eeb47199704221e7f396fa505af2b09c17daf7d034295a3b8c9777c2ac70f01
SHA512

6f206387e0ca4be32fcc6967dea0932a2433112698304f4ae6d1d1bcf4633cb1e8e59618fdce03cd3d22e64d8560c8171c0b031f96ea0c92cd4388dc1587043a
SSDEEP

3072:i2SG6IBtVVzkEmJth+9p1ORs+NJ2uvHJ5TMi473cceipyEAeAg0FujDZGfQgQwZk:iKvJm09zORs+z/TMify9DAOxqQSZcK8/

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

Extracted

Family

redline

Botnet

0305

C2

185.215.113.25:10195

Attributes

auth_value
c86205ff1cc37b2da12f0190adfda52c

Targets

- Target
  
  3eeb47199704221e7f396fa505af2b09c17daf7d034295a3b8c9777c2ac70f01
- Size
  
  261KB
- MD5
  
  1da58894b51a9e4cb51d346868a821d5
- SHA1
  
  c9cfce9fc48ee7c252299475bb6bd940423181d1
- SHA256
  
  3eeb47199704221e7f396fa505af2b09c17daf7d034295a3b8c9777c2ac70f01
- SHA512
  
  6f206387e0ca4be32fcc6967dea0932a2433112698304f4ae6d1d1bcf4633cb1e8e59618fdce03cd3d22e64d8560c8171c0b031f96ea0c92cd4388dc1587043a
- SSDEEP
  
  3072:i2SG6IBtVVzkEmJth+9p1ORs+NJ2uvHJ5TMi473cceipyEAeAg0FujDZGfQgQwZk:iKvJm09zORs+z/TMify9DAOxqQSZcK8/
Score

10^/10

fabookie redline smokeloader 0305 backdoor google discovery infostealer phishing spyware stealer trojan
- Detect Fabookie payload
- Detected google phishing page
  phishing google
- Fabookie
  Fabookie is facebook account info stealer.
  spyware stealer fabookie
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2