Behavioral task
behavioral1
Sample
2104-376-0x0000000003290000-0x00000000033C1000-memory.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2104-376-0x0000000003290000-0x00000000033C1000-memory.dll
Resource
win10v2004-20230915-en
General
-
Target
2104-376-0x0000000003290000-0x00000000033C1000-memory.dmp
-
Size
1.2MB
-
MD5
252a9d5b8722c4f9214b62eaa60a20dd
-
SHA1
7f5fea1c4fa7a827c63f059dc4e5534ae1ce0909
-
SHA256
7a147b3b22f306381448fa40adf35f7743710f6c7e0d397e28bfe5a31115114a
-
SHA512
00f8ffe13cbd9960014cd251f966259ecfa681d66865af4b652e7d2648f1185b1ccdc75cbbaff063551377f61cdad28059136edd88be262c05ef833c06af1b76
-
SSDEEP
24576:3C7CI9TZDEWk1wCy0zaG9cQA81ftxmbfYQJZKfcJ:7I99DEWVtQA8Zmn0U
Malware Config
Extracted
fabookie
http://app.nnnaajjjgc.com/check/safe
Signatures
-
Detect Fabookie payload 1 IoCs
resource yara_rule sample family_fabookie -
Fabookie family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2104-376-0x0000000003290000-0x00000000033C1000-memory.dmp
Files
-
2104-376-0x0000000003290000-0x00000000033C1000-memory.dmp.dll windows:6 windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Sections
.text Size: 906KB - Virtual size: 905KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 215KB - Virtual size: 214KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ