MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0619906472445cb9a255fc8866e2a10c829bee16e7f55bb95bd192cc241ecbb1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0619906472445cb9a255fc8866e2a10c829bee16e7f55bb95bd192cc241ecbb1
SHA3-384 hash: 4874f852ee1d562e04c0e5fa67f6d418491476c8f1abc322ae14bf2c196da8c57d6ea21758ba3c5d6c5bcc91eecd7a67
SHA1 hash: c5c0d40fc7dfaf4b96bb61f920b7d1028ca00651
MD5 hash: 2244726198e4d6b641768b049b82473c
humanhash: east-oxygen-bakerloo-mountain
File name:file
Download: download sample
Signature Fabookie
Create hunting rule
File size:1'413'329 bytes
First seen:2023-07-04 17:28:03 UTC
Last seen:2023-07-05 01:50:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 38934ee4aaaaa8dab7c73508bc6715ca (2 x Fabookie)
ssdeep 24576:62u5GJgYNLP31gaE9GwrOeHyFCYS47YjAt/D86Y/fDcxf50kIxiSqEvyRzN7FR8D:Nu5WgYNzzgFyhdYjARo6YnFke2Es7FRK
Threatray 293 similar samples on MalwareBazaar
TLSH T1A6659D963AFAC16CC488C530F1ADC72D034BBF851560869E7F95AE60768F58D87BAF04
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon faf9f8d4d6ccc0c1 (6 x Fabookie, 4 x LummaStealer, 3 x AsyncRAT)
Reporter andretavare5
Tags:exe Fabookie


Avatar
andretavare5
Sample downloaded from http://zzz.fhauiehgha.com/m/okka25.exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
276
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
No threats detected
Analysis date:
2023-07-04 17:28:45 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/46ce2061-8c32-45a6-bfdc-609c8e1546e1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/407135/
Detection(s):
SecuriteInfo.com.FileRepMalware.21462.3197.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Sending an HTTP GET request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
lolbin packed shell32
Link:
https://www.filescan.io/uploads/64a456df51710bcd8d443134/reports/df13c915-bf10-4183-9088-a61ea1c92af5/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/0619906472445cb9a255fc8866e2a10c829bee16e7f55bb95bd192cc241ecbb1
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/0104d3a1-ac44-4e55-898b-a1c0b9139956
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/1266775
Signature
Contains functionality to steal Chrome passwords or cookies
Detected unpacking (creates a PE file in dynamic memory)
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0619906472445cb9a255fc8866e2a10c829bee16e7f55bb95bd192cc241ecbb1/
Threat name:
Win64.Trojan.Privateloader
Create hunting rule
Status:
Suspicious
First seen:
2023-07-04 10:57:34 UTC
File Type:
PE+ (Exe)
Extracted files:
29
AV detection:
16 of 24 (66.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=aymzazdsiroltisv7segnyvbbsbjx3qw472vxok32gjmyja6zoyq._file
Verdict:
suspicious
Similar samples:
0bc3689575acffde20abb2ff8db97b9698b07fc0e2f64a04ef10dea26fe64d87
Fabookie
3995ed61d4b3901bfacb5a8d36500664c1145c6287f8eba5f0077ef1b780355c
Fabookie
5aad31095b0b9a429fed8773a233eb872868467d33f52b9d6f6e7fa078092011
Fabookie
7d0417ec0e02002489cda78b4fd5d4dc57d4957a00287b4eb24c8cec8c68caad
Fabookie
8a2e061b3b38dff83f62982a6b0087e5c4ea1c47192bf0ac2f8f67397636b164
Fabookie
8d8ae453a5773f10fddff520a45326b3d665f79e707898fa0e09b28084bfb1f9
Fabookie
bb1aa29dca7c55add0bd5e53c735645b5cd0d5ab5105fd412026fa2c69e06191
Fabookie
c24dc008827ad34ac3465f1af91e84fecee078966d5035dc0d4e43e58204eea3
Fabookie
c9dbc567a9764bc8e3daef054db96a7b8074b1855370f558d2ee5d859e705485
Fabookie
fe51caf5491e7f38b524ed374c6c9701700a9fa9c8f950379424fae99de0ced2
Fabookie
+ 283 additional samples on MalwareBazaar
Result
Malware family:
fabookie
Create hunting rule
Score:
  10/10
Tags:
family:fabookie spyware stealer
Link:
https://tria.ge/reports/230704-v2jy1sfg82/
Behaviour
Reads user/profile data of web browsers
Detect Fabookie payload
Fabookie
Unpacked files
SH256 hash:
0619906472445cb9a255fc8866e2a10c829bee16e7f55bb95bd192cc241ecbb1
MD5 hash:
2244726198e4d6b641768b049b82473c
SHA1 hash:
c5c0d40fc7dfaf4b96bb61f920b7d1028ca00651
Link:
https://www.unpac.me/results/7632a161-c854-4fbe-a511-e3cfd9ede71e/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
  
URLhaus
https://urlhaus.abuse.ch/url/2672595/
Cape
Cape
https://www.capesandbox.com/analysis/407135/

Comments