Behavioral task
behavioral1
Sample
2128-799-0x0000000003340000-0x0000000003471000-memory.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2128-799-0x0000000003340000-0x0000000003471000-memory.dll
Resource
win10v2004-20230915-en
General
-
Target
2128-799-0x0000000003340000-0x0000000003471000-memory.dmp
-
Size
1.2MB
-
MD5
55c3fffb58fb598ce30dee280b64979a
-
SHA1
2389ab4de42c2663194885412f50dd0987346133
-
SHA256
0190b560a83fe4cc907aa6a63034f0d1b1fe4c57ae818e13a5c7d41ce8c1f335
-
SHA512
446811739bd12b34dd3d9734acc9b7906f42d7845efa9de6a030412e77daf4152e7fb93f25415b8b7458f4b5a5382bdfa90bb9dee5b05e449821f85b1b366813
-
SSDEEP
24576:3C7CI9TZDEWk1wCy0zaG9cQAj1ftxmbfYQJZKkPm:7I99DEWVtQAjZmn02
Malware Config
Extracted
fabookie
http://app.nnnaajjjgc.com/check/safe
Signatures
-
Detect Fabookie payload 1 IoCs
resource yara_rule sample family_fabookie -
Fabookie family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2128-799-0x0000000003340000-0x0000000003471000-memory.dmp
Files
-
2128-799-0x0000000003340000-0x0000000003471000-memory.dmp.dll windows:6 windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Sections
.text Size: 906KB - Virtual size: 905KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 215KB - Virtual size: 214KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ