Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    89s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-02-2024 14:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    715KB

  • MD5

    8dc1f88ae1fcedeb3983c5f5c3d486b0

  • SHA1

    d40e67ba5558d90cb11eeca04d213322159336fc

  • SHA256

    4a15d91920a4da9a64935248c126fb60e8302198df8e5759da8129ac1841beca

  • SHA512

    0b2263fe049e280af1178fd396a06a04e6b99f7c971839207ae225161257ed9d9b7eaa8d0ceb1f14d3aa2094b53ce91dd045ebc169102e707ea7285f91432ac1

  • SSDEEP

    6144:nA01Nd5uvxQWQSYYaE5CinBdRxQ7cUBmCUiJbc77ZvfuYuEdGxTC2EWf7xLUnw+V:ndo5QWJnnBIShtdGxTC2k5JL

Score
10/10
fabookiespywarestealer

Malware Config

Signatures

  • Detect Fabookie payload 2 IoCs
  • Fabookie

    Fabookie is facebook account info stealer.

    spywarestealerfabookie
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
      PID:1360

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1360-0-0x00007FF71E780000-0x00007FF71E837000-memory.dmp

      Filesize

      732KB

      Download

    • memory/1360-9-0x0000000002B10000-0x0000000002C1A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1360-10-0x0000000002D50000-0x0000000002E7C000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1360-13-0x0000000002D50000-0x0000000002E7C000-memory.dmp

      Filesize

      1.2MB

      Download