Behavioral task
behavioral1
Sample
5024-373-0x0000000002E60000-0x0000000002F91000-memory.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
5024-373-0x0000000002E60000-0x0000000002F91000-memory.dll
Resource
win10v2004-20230915-en
General
Target
5024-373-0x0000000002E60000-0x0000000002F91000-memory.dmp
Size
1.2MB
MD5
42064e4fa2ec2da365a361d535268f28
SHA1
244f633678589e5b0e0797fa1eda82a93da1f67c
SHA256
9a269b0f7faf6ce7c99a407e5d6108724abd93ce54719f824bf477f997445ebc
SHA512
ab48358241f3438400880bad142393b3eb98a019b784c1b8d75223decd9fe1bfc0d69fc5991c56e5236124bd8b4d9466ad8942d140fe765c9ea75acbad456829
SSDEEP
24576:3C7CI9TZDEWk1wCy0zaG9cQAU1ftxmbfYQJZKYe7E:7I99DEWVtQAUZmn0T
Malware Config
Extracted
fabookie
http://app.nnnaajjjgc.com/check/safe
Signatures
Detect Fabookie payload 1 IoCs
resource yara_rule sample family_fabookie
Fabookie family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5024-373-0x0000000002E60000-0x0000000002F91000-memory.dmp
Files
5024-373-0x0000000002E60000-0x0000000002F91000-memory.dmp.dll windows:6 windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Sections
.text Size: 906KB - Virtual size: 905KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 215KB - Virtual size: 214KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ