fabookie | 3555805731fe9aeb942a0859e9205481f6367547068658f57ddf38859b8b5cba | Triage

Submit
Reports

Overview

overview

Static

static

1

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

5.0MB
Sample

240116-t3s3mseghq
MD5

9fbddfa2696d5061750e6e0ff2162c28
SHA1

a2cc8c949d1404058657ca7fb81854ae092762f3
SHA256

3555805731fe9aeb942a0859e9205481f6367547068658f57ddf38859b8b5cba
SHA512

ea2b807664bc4844ee92f9970ce63a12a98cc42ec23c0f893ef206d09eab9ef6e5b23f36b2671495ee6574e77b0d7cce6503a8950fc48db058037401b1cb068e
SSDEEP

49152:ty/agNoehGYQBcQSiiQMchTQU0Pglz1OCuFTeeoXSS0x1HMToTQFAxTi4I0HQiuq:7CU0Pg91TXKs8Tk4W+f64X

Score

10^/10

fabookie glupteba stealc dropper evasion loader spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20231215-en

fabookie glupteba stealc dropper evasion loader spyware stealer trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20231215-en

glupteba stealc dropper evasion loader stealer trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.79

Attributes

url_path
/3886d2276f6914c4.php

rc4.plain

Targets

- Target
  
  file.exe
- Size
  
  5.0MB
- MD5
  
  9fbddfa2696d5061750e6e0ff2162c28
- SHA1
  
  a2cc8c949d1404058657ca7fb81854ae092762f3
- SHA256
  
  3555805731fe9aeb942a0859e9205481f6367547068658f57ddf38859b8b5cba
- SHA512
  
  ea2b807664bc4844ee92f9970ce63a12a98cc42ec23c0f893ef206d09eab9ef6e5b23f36b2671495ee6574e77b0d7cce6503a8950fc48db058037401b1cb068e
- SSDEEP
  
  49152:ty/agNoehGYQBcQSiiQMchTQU0Pglz1OCuFTeeoXSS0x1HMToTQFAxTi4I0HQiuq:7CU0Pg91TXKs8Tk4W+f64X
Score

10^/10

fabookie glupteba stealc dropper evasion loader spyware stealer trojan upx
- Detect Fabookie payload
- Fabookie
  Fabookie is facebook account info stealer.
  spyware stealer fabookie
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- UAC bypass
  evasion trojan
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

fabookiegluptebastealcdropperevasionloaderspywarestealertrojanupx

behavioral2

gluptebastealcdropperevasionloaderstealertrojanupx

© 2018-2025

Terms | Privacy