fabookie

General

Target

0577fa4481dced3714707a1af75103f94288d146088361f6ba52baa282b2e442
Size

3.4MB
Sample

241219-ybzhkaylgn
MD5

99ca4fb276c60eb9c9a57c168d36d9fd
SHA1

2f1451025754967e328337bd21498fc991bdeed7
SHA256

0577fa4481dced3714707a1af75103f94288d146088361f6ba52baa282b2e442
SHA512

1469cd4714ef8afa9293f77e61207f0ec0a65e947f1182fce6f7557529fe517de20fe7ff2ab049b74c56de2d82eb9edae5fece7a87a67e0ccfa86f86ef757aca
SSDEEP

98304:qaKslt88xE2TXCzBA8intj5IVySsKmj+OO8u3:93t8+UFAvjCiMV

Score

10^/10

Malware Config

Extracted

Family

ffdroider

C2

http://101.36.107.74

Targets

- Target
  
  0577fa4481dced3714707a1af75103f94288d146088361f6ba52baa282b2e442
- Size
  
  3.4MB
- MD5
  
  99ca4fb276c60eb9c9a57c168d36d9fd
- SHA1
  
  2f1451025754967e328337bd21498fc991bdeed7
- SHA256
  
  0577fa4481dced3714707a1af75103f94288d146088361f6ba52baa282b2e442
- SHA512
  
  1469cd4714ef8afa9293f77e61207f0ec0a65e947f1182fce6f7557529fe517de20fe7ff2ab049b74c56de2d82eb9edae5fece7a87a67e0ccfa86f86ef757aca
- SSDEEP
  
  98304:qaKslt88xE2TXCzBA8intj5IVySsKmj+OO8u3:93t8+UFAvjCiMV
Score

10^/10

fabookie ffdroider raccoon discovery evasion persistence spyware stealer trojan upx
- Detect Fabookie payload
- FFDroider
  Stealer targeting social media platform users first seen in April 2022.
  stealer ffdroider
- Fabookie
  Fabookie is facebook account info stealer.
  spyware stealer fabookie
- Fabookie family
  fabookie
- Ffdroider family
  ffdroider
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- Raccoon family
  raccoon
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2