fabookie | d9e2126f3d0162ce88e0e98217ea8eaba774aa34c5fd7f47e028cf27f15b7e55 | Triage

Sharing

General

Target

d9e2126f3d0162ce88e0e98217ea8eaba774aa34c5fd7f47e028cf27f15b7e55_JC.exe
Size

368KB
Sample

231013-clpkfscc54
MD5

c91dc9548823528f7c4f84f5148f044c
SHA1

8b46d830ed3faa7e63f8d3e8a63f65809512e8b2
SHA256

d9e2126f3d0162ce88e0e98217ea8eaba774aa34c5fd7f47e028cf27f15b7e55
SHA512

c5080f25f0b3028de58d3407699014a6e7b4511fff0f54c344676ef80651129daaced8b625d050b3054b0aa76f7b8ebff0bf9bdf14f011448d6ac65802373862
SSDEEP

6144:hXXy9wUepQcisGiKzD8bFaggXWe0XZEOHHrpm1HUZLxRZEOHHrpm1HUZLx:hH+wUepEv0ptLpm10TtLpm10

Score

10^/10

fabookie spyware stealer

Malware Config

Extracted

Family

fabookie

C2

http://app.nnnaajjjgc.com/check/safe

Targets

- Target
  
  d9e2126f3d0162ce88e0e98217ea8eaba774aa34c5fd7f47e028cf27f15b7e55_JC.exe
- Size
  
  368KB
- MD5
  
  c91dc9548823528f7c4f84f5148f044c
- SHA1
  
  8b46d830ed3faa7e63f8d3e8a63f65809512e8b2
- SHA256
  
  d9e2126f3d0162ce88e0e98217ea8eaba774aa34c5fd7f47e028cf27f15b7e55
- SHA512
  
  c5080f25f0b3028de58d3407699014a6e7b4511fff0f54c344676ef80651129daaced8b625d050b3054b0aa76f7b8ebff0bf9bdf14f011448d6ac65802373862
- SSDEEP
  
  6144:hXXy9wUepQcisGiKzD8bFaggXWe0XZEOHHrpm1HUZLxRZEOHHrpm1HUZLx:hH+wUepEv0ptLpm10TtLpm10
Score

10^/10

fabookie spyware stealer
- Detect Fabookie payload
- Fabookie
  Fabookie is facebook account info stealer.
  spyware stealer fabookie
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fabookiespywarestealer

behavioral2

fabookiespywarestealer