Behavioral task
behavioral1
Sample
2876-391-0x0000000002FF0000-0x0000000003121000-memory.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2876-391-0x0000000002FF0000-0x0000000003121000-memory.dll
Resource
win10v2004-20230915-en
General
-
Target
2876-391-0x0000000002FF0000-0x0000000003121000-memory.dmp
-
Size
1.2MB
-
MD5
92d8996d1a704aed6a1ad5922d9ce6fd
-
SHA1
f0e51aff75f90d2fc8ba88a0a8aff176335f1fdd
-
SHA256
335cf54bef36a0a01af9328be4f072abd00af9e78b0c5657d4add75d1d49b0bf
-
SHA512
149d9f1b2c23c53fbbc0091779a72376c192f5b5ac4515b76bf59c842641d6e615e3f21ef0f988c032736119ae64a5e186d354e017a87f13cc277d2805423104
-
SSDEEP
24576:3C7CI9TZDEWk1wCy0zaG9cQA+1ftxmbfYQJZKdW7:7I99DEWVtQA+Zmn0c
Malware Config
Extracted
fabookie
http://app.nnnaajjjgc.com/check/safe
Signatures
-
Detect Fabookie payload 1 IoCs
resource yara_rule sample family_fabookie -
Fabookie family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2876-391-0x0000000002FF0000-0x0000000003121000-memory.dmp
Files
-
2876-391-0x0000000002FF0000-0x0000000003121000-memory.dmp.dll windows:6 windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Sections
.text Size: 906KB - Virtual size: 905KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 215KB - Virtual size: 214KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ