MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 083894b5678423ea7077393450f4f9b99809975b9327341481ed0e3330e43154. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 12

Intelligence 12 IOCs YARA 1 File information Comments

SHA256 hash:	083894b5678423ea7077393450f4f9b99809975b9327341481ed0e3330e43154
SHA3-384 hash:	3e39afd294c108a5f6c0b06b99fc879857f224539be951d012adf768b3cde61c919bb087d96ee15f06706bd0765e6a0c
SHA1 hash:	2f2684f6b51eb63c3464386ba9e441169e3a11d7
MD5 hash:	c99703f48559d2cc22c3033138eba101
humanhash:	eight-video-sixteen-timing
File name:	c99703f48559d2cc22c3033138eba101.exe
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	430'080 bytes
First seen:	2023-08-28 09:14:45 UTC
Last seen:	2023-08-28 09:39:19 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	d1884757532ce7b0014241f40262c929 (16 x Fabookie)
ssdeep	6144:ul073J3gYxsK4ibO9rADWS4t0+eoJAbB3T+cbJp:z3JwYiKdqE80+5cCIJp
Threatray	465 similar samples on MalwareBazaar
TLSH	T11E949ED2E25040E5D477C2B982734B62E7F27C285F214ADF4659B6292F337D28936A0B
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10523/12/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	70646666fab4b064 (18 x Fabookie, 5 x GuLoader)
Reporter	abuse_ch
Tags:	exe Fabookie

Intelligence

File Origin

# of uploads :

# of downloads :

256

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

c99703f48559d2cc22c3033138eba101.exe

Verdict:

Malicious activity

Analysis date:

2023-08-28 09:19:16 UTC

Tags:

fabookie stealer

Link:

https://app.any.run/tasks/8ea5db3c-4f7a-4e37-abd0-9d533e85000f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/444868/

Detection(s):

SecuriteInfo.com.Trojan.DownLoader45.60187.18157.12457.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending an HTTP GET request

DNS request

Query of malicious DNS domain

Sending a TCP request to an infection source

Sending an HTTP GET request to an infection source

Gathering data

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

fabookie keylogger lolbin shell32

Link:

https://www.filescan.io/uploads/64ec659dd7ae0984750f5b09/reports/477af618-9c04-457b-9ea1-fdf7f4f3adc6/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/083894b5678423ea7077393450f4f9b99809975b9327341481ed0e3330e43154

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/90019417-2280-443d-87e5-5efc2c589391

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

troj.spyw

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1298568

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Contains functionality to steal Chrome passwords or cookies

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/083894b5678423ea7077393450f4f9b99809975b9327341481ed0e3330e43154/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2023-08-27 11:28:31 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

15 of 36 (41.67%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ba4jjnlhqqr6u4dxhe2fb5hzxgmatf23smttifeb5uhdgmhegfka._file

Verdict:

malicious

Fabookie

6000f428bfd3149bfcab76cbfa53385e71d2c99539b78d2b5e671d4721d6c2c7

Fabookie

645168fedeed9948b5103f10d52c9adf1133358e1b1ab4ac0893dd3bb73b2df5

Fabookie

7c153ecb0cc0b6c1c4d3033c806bee89285db6e37902df15ebc4c85b46f24338

Fabookie

ac4620769b15f5a7ccbeda9891ab788e46fe418e8129b2d54a64452467ac9eb0

Fabookie

adeeb5ab4974433126bf0c2d15234dc13fcd577217babbf0d352517ec588b7af

Fabookie

d440158b91d965693007b539131704b3bdd72e864b5adc1c0e230213acd3d97b

Fabookie

ee1e789a40e3cc8ff607726cbe0a8b72b86a51e933787a7074ac6c0b58bc59c7

Fabookie

fec5e8cb13f8418df2d3c2188c40eb2844084b02bdd9f2a899690b3a7b25986c

Fabookie

+ 455 additional samples on MalwareBazaar

Result

Malware family:

fabookie

Score:

10/10

Tags:

family:fabookie spyware stealer

Link:

https://tria.ge/reports/230828-k7w6esgf6z/

Behaviour

Modifies system certificate store

Reads user/profile data of web browsers

Detect Fabookie payload

Fabookie

Unpacked files

SH256 hash:

083894b5678423ea7077393450f4f9b99809975b9327341481ed0e3330e43154

MD5 hash:

c99703f48559d2cc22c3033138eba101

SHA1 hash:

2f2684f6b51eb63c3464386ba9e441169e3a11d7

Link:

https://www.unpac.me/results/f288be2f-a6b0-422d-99e1-d251b607e089/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/083894b5678423ea7077393450f4f9b99809975b9327341481ed0e3330e43154

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.