fabookie | 1316-430-0x00000000033B0000-0x00000000034E1000-memory[.]dmp | Triage

Sharing

General

Target

1316-430-0x00000000033B0000-0x00000000034E1000-memory.dmp
Size

1.2MB
MD5

b5cb922b7957183235fa05428049d158
SHA1

6d4cf6904b4eb6ca3b3cf1a3e244c110d20316f4
SHA256

46a1cf19aff111db0bce8206d56e2cf23c8faf9c547440c18ecec9dd5aef61ef
SHA512

4dbacd1fb7d4faccab60d4a92f5facc97d9595b76f98b90acde827e23ca7f241402682f57257c5fbdb7b7716c1fc12b92a8dbc4b66ac510bc3d71bf91360eefa
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAK1ftxmbfYQJZKnGo:7I99DEWVtQAKZmn0G

Score

10^/10

fabookie

Malware Config

Extracted

Family

fabookie

C2

http://app.nnnaajjjgc.com/check/safe

Signatures

Detect Fabookie payload 1 IoCs

resource	yara_rule
sample	family_fabookie

Fabookie family
fabookie

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1316-430-0x00000000033B0000-0x00000000034E1000-memory.dmp

Files

1316-430-0x00000000033B0000-0x00000000034E1000-memory.dmp
.dll windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 906KB - Virtual size: 905KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ