General

Target: 0017a2f18f49ca0a4cc0a1f6a524faa5658ae033eda508906b626329c232fba5.bin.sample.gz
Size: 19.0MB
Sample: 241208-3xp88swmes
MD5: 6ff960b01aff126bd4941ff77f50d450
SHA1: 60e310d40576ba293826f4c32497481d9d0d9917
SHA256: 58d351c4724c28b369df9524058ae8b67ae110fd880e6d6ede9d78f9eaa47b73
SHA512: 4724370db46ebfb6a78583bf81464d8bf87541ecda5d5ca4dbf943771e2ce165299250fa4a1353927cbebfc19d9a564550d00d1fdcb8b7f90ba7b044b087b37f
SSDEEP: 393216:srFkLwpwbxtKGnyh+tdtG5JC0vSnTJ7tg1Kjkgj1u9GoFsj9ME:iklxIyyhudt88CQBJIgQW9ME
Static task: static1

Behavioral task: behavioral1
  Sample: sample.exe
  Resource: win7-20240708-en

Behavioral task: behavioral2
  Sample: sample.exe
  Resource: win10v2004-20241007-en

Behavioral task: behavioral3
  Sample: sample.exe
  Resource: win10ltsc2021-20241023-en
Malware Config

Targets

Target: sample
Size: 19.1MB
MD5: 8ebac20b51430b0cc35cef0bb4343524
SHA1: d73890138f1bac7f87cbb0137a86b000ca1dfdc8
SHA256: 0017a2f18f49ca0a4cc0a1f6a524faa5658ae033eda508906b626329c232fba5
SHA512: 0db3f4eb3df46f9811793edd29388fe7c9a36c3c9f94f4f16caaaa70d0a28aa4e8a38ccc96fd57270dab9d23b0313f85aab0808e81c660512bc8abc7d2f90674
SSDEEP: 393216:obnSY7czVZQ+jQ3o3xrcJpuEJsVLDV3EJCP2qzFMlSQbY3hyt:GOVSiQ30xrUQkoFz+qaghyt
Signatures

- Detect Fabookie payload
- Fabookie family
- Downloads MZ/PE file
- Drops file in Drivers directory
- Modifies Windows Firewall
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15

Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)

Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)

Defense Evasion
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (3)
  Subvert Trust Controls (1)
    Install Root Certificate (1)

Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)