Behavioral task
behavioral1
Sample
1264-229-0x00000000035B0000-0x00000000036E1000-memory.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
1264-229-0x00000000035B0000-0x00000000036E1000-memory.dll
Resource
win10v2004-20230915-en
General
-
Target
1264-229-0x00000000035B0000-0x00000000036E1000-memory.dmp
-
Size
1.2MB
-
MD5
9f5ccc0d82975be1cb13e7924f7df0de
-
SHA1
9bb1b45a340d616b0cb5c2a979e5d96cd199827a
-
SHA256
ebcb48de6de64ac2f3cdedd79a822a0646a9e602aaf8434c12f104c2fe4914e9
-
SHA512
fbb34af45ab2d64af52ed4684d2fa5e230eeefbd241c85fae1e2af6f0f99919180687b18a861ca5aadd5e68f6339cd4b3822b88f4ed5b30ff10d7073c14664e3
-
SSDEEP
24576:3C7CI9TZDEWk1wCy0zaG9cQAq1ftxmbfYQJZKgmb:7I99DEWVtQAqZmn0j
Malware Config
Extracted
fabookie
http://app.nnnaajjjgc.com/check/safe
Signatures
-
Detect Fabookie payload 1 IoCs
resource yara_rule sample family_fabookie -
Fabookie family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1264-229-0x00000000035B0000-0x00000000036E1000-memory.dmp
Files
-
1264-229-0x00000000035B0000-0x00000000036E1000-memory.dmp.dll windows:6 windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Sections
.text Size: 906KB - Virtual size: 905KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 215KB - Virtual size: 214KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ