fabookie | 94dd50d7e2cf51afc36430c6bbaf7970ed9d6b16ce86378af140c8ec7ce82a0e | Triage

Sharing

General

Target

536a81780e5a408bb7d040b3de206bf1.bin
Size

554KB
Sample

231011-3xxcjsee55
MD5

2326b492c53f8eedd27e8eea4eb62af8
SHA1

ed638b7f30d5a32aa8a34e0f479c8450e63652c6
SHA256

94dd50d7e2cf51afc36430c6bbaf7970ed9d6b16ce86378af140c8ec7ce82a0e
SHA512

e4d5f602e0e8ba9cec9ebb37d0c204517cc8d5349a9451207181b547f858a25725abb506b7d5351dbba5d64a4722bb473e642d916084ac030597c2f22ae12608
SSDEEP

12288:/6bI9v1n6oIaJ8+YIvfa5w8c3tifJ30XGIamZqEj/PyQ4TPtKDnbdwx:/UIfn6WbaG8c98JEX1xZ1LaFTCb8

Score

10^/10

fabookie spyware stealer

Malware Config

Extracted

Family

fabookie

C2

http://app.nnnaajjjgc.com/check/safe

Targets

- Target
  
  c7d97cf87cac0f033cae23440626b246c72b658e1c4c2e61a4b60969b8f63a95.exe
- Size
  
  860KB
- MD5
  
  536a81780e5a408bb7d040b3de206bf1
- SHA1
  
  45e6ff5f2363bda42460d195e5c4044841a55693
- SHA256
  
  c7d97cf87cac0f033cae23440626b246c72b658e1c4c2e61a4b60969b8f63a95
- SHA512
  
  f7233e10ffb3754b48e2d2a9cc2115999f5fc6616f568e4a0651b61a8fe12f78229ded06f46b7f02d130dd1bebcb59eda711b369073c19d10962e429ef14e39d
- SSDEEP
  
  12288:VyGetS/ITJqrraq/t2qny6xdRhMAK4vcmPEl0Io:tuS/UEn/tUIMGPEl0I
Score

10^/10

fabookie spyware stealer
- Detect Fabookie payload
- Fabookie
  Fabookie is facebook account info stealer.
  spyware stealer fabookie
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fabookiespywarestealer

behavioral2

fabookiespywarestealer