Behavioral task
behavioral1
Sample
1060-377-0x0000000003560000-0x0000000003691000-memory.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
1060-377-0x0000000003560000-0x0000000003691000-memory.dll
Resource
win10v2004-20230915-en
General
-
Target
1060-377-0x0000000003560000-0x0000000003691000-memory.dmp
-
Size
1.2MB
-
MD5
244308a32e0e9ca8384b72c917efb800
-
SHA1
79915c840668debb91551d313116f0318f0dabe1
-
SHA256
76584f599ada6fad16c93b9db66c1e88fdaebc73ec61c73c505e1d628b423cf0
-
SHA512
625a906dca2ea06447deda0161910d261d0cc414ead076350b662bfd54a78c455ece8602f034794a46a1568cc6688ed24bfc001a49b5bb1829fbf07bcd817a9f
-
SSDEEP
24576:3C7CI9TZDEWk1wCy0zaG9cQAR1ftxmbfYQJZKVJn:7I99DEWVtQARZmn0L
Malware Config
Extracted
fabookie
http://app.nnnaajjjgc.com/check/safe
Signatures
-
Detect Fabookie payload 1 IoCs
resource yara_rule sample family_fabookie -
Fabookie family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1060-377-0x0000000003560000-0x0000000003691000-memory.dmp
Files
-
1060-377-0x0000000003560000-0x0000000003691000-memory.dmp.dll windows:6 windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Sections
.text Size: 906KB - Virtual size: 905KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 215KB - Virtual size: 214KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ