fabookie

General

Target

d52860d6be6ea1ec9f809d6527d46b06
Size

8.5MB
Sample

240319-nsr5psbh4y
MD5

d52860d6be6ea1ec9f809d6527d46b06
SHA1

9c5a0e6266eca4f86bd38efddc8551e95451158f
SHA256

39326cdd0c863e1766ecc3d119ec18fdaa93ef886cfbc887f76784f745df73e4
SHA512

64d356059ef696a8297a7e0f28b3108ee1a8bdb68edde0b52667fbff1b46e9daf0c42fdc545795443fbe7fe7db6734935d147f01bb3101f1f0d2fdf2e25a6000
SSDEEP

196608:UzE5qkxHYUggVmv8vWkd08L+u3fCbrKtSBJCLSeZ:IE5LiUgsPWC08F3qitSBYlZ

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

ffdroider

C2

http://186.2.171.3

Targets

- Target
  
  d52860d6be6ea1ec9f809d6527d46b06
- Size
  
  8.5MB
- MD5
  
  d52860d6be6ea1ec9f809d6527d46b06
- SHA1
  
  9c5a0e6266eca4f86bd38efddc8551e95451158f
- SHA256
  
  39326cdd0c863e1766ecc3d119ec18fdaa93ef886cfbc887f76784f745df73e4
- SHA512
  
  64d356059ef696a8297a7e0f28b3108ee1a8bdb68edde0b52667fbff1b46e9daf0c42fdc545795443fbe7fe7db6734935d147f01bb3101f1f0d2fdf2e25a6000
- SSDEEP
  
  196608:UzE5qkxHYUggVmv8vWkd08L+u3fCbrKtSBJCLSeZ:IE5LiUgsPWC08F3qitSBYlZ
Score

10^/10

fabookie ffdroider glupteba metasploit privateloader risepro smokeloader socelars pub2 backdoor dropper evasion loader persistence spyware stealer trojan upx vmprotect
- Detect Fabookie payload
- FFDroider
  Stealer targeting social media platform users first seen in April 2022.
  stealer ffdroider
- FFDroider payload
- Fabookie
  Fabookie is facebook account info stealer.
  spyware stealer fabookie
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Socelars
  Socelars is an infostealer targeting browser cookies and credit card credentials.
  stealer socelars
- Socelars payload
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops Chrome extension
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1