MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b02ee845979ac47a24ca742ca8ff6c6cea8cc6f55d89f84029050cc52ce6df8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0b02ee845979ac47a24ca742ca8ff6c6cea8cc6f55d89f84029050cc52ce6df8
SHA3-384 hash: a631503575bd4128be29085fe65f0d93c2e410235b62a5a0c53f28309176c97177cc8541998d8ac9096ffcb3f7ba8a36
SHA1 hash: 25348a49322803af781da0437c3203b7e50bab71
MD5 hash: 78f3c5525c16966443b90959685dc52f
humanhash: oscar-low-georgia-april
File name:file
Download: download sample
Signature Fabookie
Create hunting rule
File size:575'488 bytes
First seen:2022-10-18 14:50:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4a85e40b703e7f894c51a443e2339cff (1 x Fabookie)
ssdeep 12288:MSXY8X/3lRkRc4YFwjsWOfRg6gtPbcTTn7qxerx7:DIW/3/kRc4l6g6gtPbcHn7q
Threatray 201 similar samples on MalwareBazaar
TLSH T197C4CF8132909685C5744934C593DE608B327C74AB21469F37E8BB7F2F73AA27936326
TrID 43.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
27.6% (.EXE) Win64 Executable (generic) (10523/12/4)
13.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.3% (.EXE) OS/2 Executable (generic) (2029/13)
5.2% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon 60c8d86aec66d4f0 (24 x Fabookie, 1 x DanaBot)
Reporter andretavare5
Tags:exe Fabookie


Avatar
andretavare5
Sample downloaded from https://kke.eiwaggee.com/files/pe/pb1115.exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
254
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
Install.bin
Verdict:
Malicious activity
Analysis date:
2022-10-18 02:56:08 UTC
Tags:
installer evasion loader trojan rat redline raccoon recordbreaker stealer opendir
Link:
https://app.any.run/tasks/504917b2-d089-4d2f-afbf-9c5ff37f5731

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/321426/
Detection(s):
Win.Downloader.Upatre-9880459-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Creating a file
Creating a file in the system32 subdirectories
Creating a file in the %AppData% subdirectories
Moving a file to the %AppData% subdirectory
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/43661/overview
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
obfuscated shell32.dll upatre
Link:
https://www.filescan.io/uploads/634ebd57455bf4ac5c715531/reports/29410a13-297d-463c-8ddf-37a235d40402/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/5d762cc4-cf89-4fbf-b43f-85be1a473e67
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1092831
Signature
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0b02ee845979ac47a24ca742ca8ff6c6cea8cc6f55d89f84029050cc52ce6df8/
Threat name:
Win64.Trojan.Privateloader
Create hunting rule
Status:
Malicious
First seen:
2022-10-18 06:04:37 UTC
File Type:
PE+ (Exe)
Extracted files:
90
AV detection:
15 of 26 (57.69%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bmbo5bczpgwepismu5bmvd7wy3hkrtdpkxmj7bacsbimyuwonx4a._file
Verdict:
malicious
Similar samples:
00cbd7c3427b9d2e960bd1d3fb04d3897a7c53486b52e5c42f0c2c6678a63762
Fabookie
3b4c1d0a112668872c1d4f9c9d76087a2afe7a8281a6cb6b972c95fb2f4eb28e
Fabookie
53379b36716f384e530dae9ec883c459d0c12f0260116614a0482ded7d9b5ba9
Fabookie
5e69583874b33475ff03d5e86c6805bd7d60daeac0071138ac62ca0d60131899
Fabookie
6c49edabd61702b5254163c19c7fedb5f009730cb1eb63e9f97f2a760cfbeaed
Fabookie
8ed9f410b41e51f09304e5cdadc4d61f82562c9ee15be810e063f2f568812dd0
Fabookie
9df3408b1000950b400430c06b7b7bb0b2f54dc7371e877fdf5f8453797a7692
Fabookie
d75a7ee1a791ac1260fa1e83e6cd066dcf1446f2d52b136d226b8de8c284cd06
Fabookie
ed00cd1148a9f1c60d5f622a1e255d63cf63bf119abb7125a8ac1bab2c7da416
Fabookie
+ 191 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221018-r75wwsgbe4/
Gathering data
Unpacked files
SH256 hash:
0b02ee845979ac47a24ca742ca8ff6c6cea8cc6f55d89f84029050cc52ce6df8
MD5 hash:
78f3c5525c16966443b90959685dc52f
SHA1 hash:
25348a49322803af781da0437c3203b7e50bab71
Link:
https://www.unpac.me/results/928f90d1-1733-4575-abe7-6918131f2b16/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0b02ee845979ac47a24ca742ca8ff6c6cea8cc6f55d89f84029050cc52ce6df8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
  
URLhaus
https://urlhaus.abuse.ch/url/2374499/
  
URLhaus
https://urlhaus.abuse.ch/url/2374444/
Cape
Cape
https://www.capesandbox.com/analysis/321426/

Comments