fabookie | 0fbba8e91172cb9771907b9d98495f9c11fb83c15844e3fda228ce153a827dc1 | Triage

Submit
Reports

Overview

overview

Static

static

7

653a7ba5f4...0N.exe

windows7-x64

653a7ba5f4...0N.exe

windows10-2004-x64

Sharing

General

Target

653a7ba5f4c61283b8eb748d9e639200N
Size

4.3MB
Sample

240908-yg33yasdrl
MD5

653a7ba5f4c61283b8eb748d9e639200
SHA1

18571ca1a9c55c260d6c2c9ef9bc834ad5123ee6
SHA256

0fbba8e91172cb9771907b9d98495f9c11fb83c15844e3fda228ce153a827dc1
SHA512

f269430db07a5e6a0c69d19c3169cc698af6dd0537a8422f81f24e38b44791788df562cbd23aa4d0ab1c23b641804a7850d23e3fc460a6c4c6f211d42fe2b692
SSDEEP

98304:GlN6KKKJHnmbOdqTJxrb9316Lnp8XUHKwOkmo4yOg:GlN6b8Gb3JFbh16LJOk

Score

10^/10

fabookie discovery persistence spyware stealer upx vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

653a7ba5f4c61283b8eb748d9e639200N.exe

Resource

win7-20240903-en

fabookie discovery persistence spyware stealer upx vmprotect

windows7-x64

12 signatures

120 seconds

Behavioral task

behavioral2

Sample

653a7ba5f4c61283b8eb748d9e639200N.exe

Resource

win10v2004-20240802-en

fabookie discovery persistence spyware stealer upx vmprotect

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Targets

- Target
  
  653a7ba5f4c61283b8eb748d9e639200N
- Size
  
  4.3MB
- MD5
  
  653a7ba5f4c61283b8eb748d9e639200
- SHA1
  
  18571ca1a9c55c260d6c2c9ef9bc834ad5123ee6
- SHA256
  
  0fbba8e91172cb9771907b9d98495f9c11fb83c15844e3fda228ce153a827dc1
- SHA512
  
  f269430db07a5e6a0c69d19c3169cc698af6dd0537a8422f81f24e38b44791788df562cbd23aa4d0ab1c23b641804a7850d23e3fc460a6c4c6f211d42fe2b692
- SSDEEP
  
  98304:GlN6KKKJHnmbOdqTJxrb9316Lnp8XUHKwOkmo4yOg:GlN6b8Gb3JFbh16LJOk
Score

10^/10

fabookie discovery persistence spyware stealer upx vmprotect
- Detect Fabookie payload
- Fabookie
  Fabookie is facebook account info stealer.
  spyware stealer fabookie
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fabookiediscoverypersistencespywarestealerupxvmprotect

behavioral2

fabookiediscoverypersistencespywarestealerupxvmprotect

© 2018-2024

Terms | Privacy