MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00be39766b1a091a3f59c367143d21d511991a465c8eb0a39c907d4cd398c90a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 00be39766b1a091a3f59c367143d21d511991a465c8eb0a39c907d4cd398c90a
SHA3-384 hash: 05bbad782065efcd6b7663207fcb96ce0003a8e29b8d417ec663e1e519dcbe1ed1d350766a1246c7247c2acf942fe88c
SHA1 hash: d5bd3d9a46f165c12814344379a1afee1af762cb
MD5 hash: a41a6ac1f465981ddd378cbe85e6e5aa
humanhash: moon-carbon-beryllium-quebec
File name:file
Download: download sample
Signature Fabookie
Create hunting rule
File size:558'080 bytes
First seen:2023-04-20 14:25:12 UTC
Last seen:2023-04-23 11:13:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 631fdb37f5587bb06fab5c930edc4a1f (1 x Fabookie)
ssdeep 12288:z1/jIWMWMYzh6byzPNMf4in4qFPddnlpKuooue:z1/jIOMYN6byxo7BRdhXKuooF
Threatray 114 similar samples on MalwareBazaar
TLSH T100C4E8A7F6600EF9C0BF8271C4B65776EBB27A8C4610870F0560E7326F171655F2AB86
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter andretavare5
Tags:exe Fabookie


Avatar
andretavare5
Sample downloaded from http://ji.ghwiwwff.com/m/oskg25

Intelligence

File Origin
# of uploads :
3
# of downloads :
280
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2023-04-20 14:25:59 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4bc28a10-23dd-4354-a58e-a7699814d0b6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/383784/
Detection(s):
SecuriteInfo.com.Trojan-Downloader.Win64.Agent.17672.23952.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Query of malicious DNS domain
Sending an HTTP GET request to an infection source
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/80681/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/64414b7acf53491c99888c3e/reports/de8938a3-04fa-4275-ba1e-f91a5e6215d3/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/00be39766b1a091a3f59c367143d21d511991a465c8eb0a39c907d4cd398c90a
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b70104e5-ae3c-48e4-b841-414a38e7e60c
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1218102
Signature
Antivirus detection for URL or domain
Found stalling execution ending in API Sleep call
Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/00be39766b1a091a3f59c367143d21d511991a465c8eb0a39c907d4cd398c90a/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ac7ds5tldierup2zyntripjb2uizsgsglshlbi44sb6uzu4yzefa._file
Verdict:
malicious
Similar samples:
18bd6fdaff90e42bb9de462a41b1e174d3f6d0d8e6425642cbd09d5a309efceb
Fabookie
6591dc0a644a039cd91e77f5d702799a0d98d0cb5aa80296f9514b30b30e3823
Fabookie
6c2c90bb276297dac4caf0b20e38b3a828bac9c98533c36423090cd4fe9a8952
Fabookie
7e6ba21c2fb7f3f4a422504154c7be3e72380d8770d69fb25eb3a547a6d2ac7e
Fabookie
902387aa87934a342776e8e81b67323957cb9c1d10288567ca8058a4614a30b0
Fabookie
b63abf7e425e9793edde2d16e2cb39987c913b8af534dc5b1bc907f1755d6c8d
Fabookie
dc68027f7f3bf947aa5a20ecd5f2c73db5fbed43836552cf300837732c07a93e
Fabookie
ea09c280645956baff7e4cdc2bfa9753104b9025ec81d6853fca43f8c2fcb732
Fabookie
f73ae637e2fabc59414bde71d114a8c941e8d8e73f0ba1bd956c07e5c5cf67dc
Fabookie
+ 104 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/230420-rrt5fscd2v/
Behaviour
Modifies system certificate store
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
00be39766b1a091a3f59c367143d21d511991a465c8eb0a39c907d4cd398c90a
MD5 hash:
a41a6ac1f465981ddd378cbe85e6e5aa
SHA1 hash:
d5bd3d9a46f165c12814344379a1afee1af762cb
Link:
https://www.unpac.me/results/215abb12-b419-4694-b96a-68c9359f912f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/00be39766b1a091a3f59c367143d21d511991a465c8eb0a39c907d4cd398c90a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
  
URLhaus
https://urlhaus.abuse.ch/url/2594534/
Cape
Cape
https://www.capesandbox.com/analysis/383784/

Comments