fabookie | 7a4d99824f0be690c51bcbb88ea9449cfda966d88ff206a2184e87cbe13fe49d

Analysis

max time kernel
161s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2023 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a4d99824f0be690c51bcbb88ea9449cfda966d88ff206a2184e87cbe13fe49d_JC.exe
Size

334KB
MD5

dee364376c8ad99ff1ee640679aaa1be
SHA1

c929fdcae29f30c4853d1e450bef24b122e6be30
SHA256

7a4d99824f0be690c51bcbb88ea9449cfda966d88ff206a2184e87cbe13fe49d
SHA512

8f62cfb3a0b4113be84ca3a949f3e1069e68e2f0147a035a14071373d95cc0758ea2935b18d352f2bd5589be051a2d1afd31f76bcbe86746fb1219c6afbce483
SSDEEP

6144:zFZ8RIT6Eam4StJ3rXDf49Zu7SkDoPiaODgKYleQ4S4P:zIdSXDgjyrMAP

Score

10^/10

fabookie spyware stealer

Malware Config

Extracted

Family

fabookie

http://app.nnnaajjjgc.com/check/safe

Signatures

Detect Fabookie payload 2 IoCs

resource	yara_rule
behavioral2/memory/3108-12-0x0000000003590000-0x00000000036C1000-memory.dmp	family_fabookie
behavioral2/memory/3108-15-0x0000000003590000-0x00000000036C1000-memory.dmp	family_fabookie

Fabookie
Fabookie is facebook account info stealer.
spyware stealer fabookie
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

C:\Users\Admin\AppData\Local\Temp\7a4d99824f0be690c51bcbb88ea9449cfda966d88ff206a2184e87cbe13fe49d_JC.exe
"C:\Users\Admin\AppData\Local\Temp\7a4d99824f0be690c51bcbb88ea9449cfda966d88ff206a2184e87cbe13fe49d_JC.exe"
1⤵
PID:3108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3108-0-0x00007FF717260000-0x00007FF7172B8000-memory.dmp

Filesize
352KB

Download
memory/3108-11-0x0000000003410000-0x0000000003581000-memory.dmp

Filesize
1.4MB

Download
memory/3108-12-0x0000000003590000-0x00000000036C1000-memory.dmp

Filesize
1.2MB

Download
memory/3108-15-0x0000000003590000-0x00000000036C1000-memory.dmp

Filesize
1.2MB

Download