Overview

overview

10

Static

static

3

bf8092550a...aa.exe

windows7-x64

10

bf8092550a...aa.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-10-2023 09:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bf8092550afdf596dd95e8c38bc93b2fe7244dcac48fb2b95a2e1487c45cd9aa.exe

  • Size

    636KB

  • MD5

    a1e3d69810e55d924bf8ac091235110c

  • SHA1

    1e200e3485a706cccd366a0587610a82193d435c

  • SHA256

    bf8092550afdf596dd95e8c38bc93b2fe7244dcac48fb2b95a2e1487c45cd9aa

  • SHA512

    d2a4d7e18d91e4732d949a85b055ae3e2b6d675aff525967d63edd904a42b37bfe264ebe20e88ba0d2a19421657743e91ca84a31660dccc7fe7ea837f76463b0

  • SSDEEP

    6144:MfIWs1kdFDIZEkzJwz9OhcHQU8rATKbGHbI0/tGKP15Vuc7GHbI0/tGKP15Vuc1h:ubfatcH5049Duca049Duc1y6

Score
10/10
fabookiespywarestealer

Malware Config

Extracted

Family

fabookie

C2

http://app.nnnaajjjgc.com/check/safe

Signatures

  • Detect Fabookie payload 2 IoCs
  • Fabookie

    Fabookie is facebook account info stealer.

    spywarestealerfabookie
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf8092550afdf596dd95e8c38bc93b2fe7244dcac48fb2b95a2e1487c45cd9aa.exe
    "C:\Users\Admin\AppData\Local\Temp\bf8092550afdf596dd95e8c38bc93b2fe7244dcac48fb2b95a2e1487c45cd9aa.exe"
    1⤵
      PID:4948

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4948-0-0x00007FF6E7080000-0x00007FF6E7122000-memory.dmp

      Filesize

      648KB

      Download

    • memory/4948-9-0x0000000002B50000-0x0000000002CC1000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/4948-10-0x0000000002CD0000-0x0000000002E01000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4948-13-0x0000000002CD0000-0x0000000002E01000-memory.dmp

      Filesize

      1.2MB

      Download