fabookie

General

Target

cdffa37fc141d02c84b9b936ed0b9cf1bin.zip
Size

1016KB
Sample

231231-p5f4msfcd9
MD5

d4ac2666593f5e35dedb6bca77c92841
SHA1

3708375c0a8f94d35bd7b90eac14bb38b735b411
SHA256

cd1b77c825b2d988e9142e90f54308d76071615e16731fa6d6c63e8ba0961bc5
SHA512

0847b62a43314e32ec8abfea46ca7ad94e6b288f8f4d67e8229406f38b8da35a4bc400eafd9c3c5e3ac334ca25f1eaa1b8d43be13f22a0def9556d57fbe285fd
SSDEEP

24576:Z+dMo25mS58Kxy4ARVSprU7fXA3rThtuZSz0QDcvp21T7:U45h58K1UIG7/AbdtUYpDxT7

Score

10^/10

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.79

Attributes

url_path
/3886d2276f6914c4.php

rc4.plain

Targets

- Target
  
  9e8fd63fbf58938109c336c047af0e0bd059b3b7840da0ae1577b4ba9fd20599.exe
- Size
  
  1.2MB
- MD5
  
  cdffa37fc141d02c84b9b936ed0b9cf1
- SHA1
  
  353d2047b0c1ab2b56c9995025d166ccf53efdff
- SHA256
  
  9e8fd63fbf58938109c336c047af0e0bd059b3b7840da0ae1577b4ba9fd20599
- SHA512
  
  ae188bdf163e159b1fa86191ce97f243fb4eb3c75b8b3a1175d1d79d8357ecdbf97fe49ead3d949384cf1a4c35c6a5144d5574820f35c07f4262219c5ac3df80
- SSDEEP
  
  24576:Aitr5NIPHu1yWk0grwGaKdfQnmTmA5FE0y5ekqjVnlqud+/2P+Af:AIFN/1yNlwwdInSvkqXfd+/9Af
Score

10^/10

fabookie glupteba stealc zgrat discovery dropper evasion loader persistence rat spyware stealer trojan upx
- Detect Fabookie payload
- Detect ZGRat V1
- Fabookie
  Fabookie is facebook account info stealer.
  spyware stealer fabookie
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Downloads MZ/PE file
- Drops file in Drivers directory
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2