Behavioral task
behavioral1
Sample
2888-221-0x0000000002BC0000-0x0000000002CF1000-memory.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2888-221-0x0000000002BC0000-0x0000000002CF1000-memory.dll
Resource
win10v2004-20230915-en
General
-
Target
2888-221-0x0000000002BC0000-0x0000000002CF1000-memory.dmp
-
Size
1.2MB
-
MD5
1be2badcdb978a2f4b858b0c0a8e0d34
-
SHA1
9f8b44bc21d7536d4e5ce95687716c0061359dd3
-
SHA256
e3d24b381fc9738555455e3baac5c24e1a3ab19a639f3318ae62bfb9f3313a2a
-
SHA512
57ef7549b5e9386183c8e743ec178d7e656b50a5be2317d2843aa934173ab44ba5dc10e7e04af9c3f8977af1eec1e6de6f98740bca048a401997c490ed14b1f1
-
SSDEEP
24576:3C7CI9TZDEWk1wCy0zaG9cQAO1ftxmbfYQJZKBAX:7I99DEWVtQAOZmn0S
Malware Config
Extracted
fabookie
http://app.nnnaajjjgc.com/check/safe
Signatures
-
Detect Fabookie payload 1 IoCs
resource yara_rule sample family_fabookie -
Fabookie family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2888-221-0x0000000002BC0000-0x0000000002CF1000-memory.dmp
Files
-
2888-221-0x0000000002BC0000-0x0000000002CF1000-memory.dmp.dll windows:6 windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Sections
.text Size: 906KB - Virtual size: 905KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 215KB - Virtual size: 214KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ