MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c9093975346591d7fe991ed8bd448d21aaeb1d65b7c48122a19624e0775d583. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	0c9093975346591d7fe991ed8bd448d21aaeb1d65b7c48122a19624e0775d583
SHA3-384 hash:	55bed7eceb9ffccf9fa703f61d03986a2b75c3f8b510dd6e734ff53c9ddcb95fb1f7a773f79dd3941bdf1bd04458411b
SHA1 hash:	476cebbf6d7a39ef3dd96e8d2d1d4684fb03faab
MD5 hash:	34a7dbf9c978714dd0679079c5445a10
humanhash:	sixteen-dakota-pennsylvania-eight
File name:	34a7dbf9c978714dd0679079c5445a10
Download:	download sample
Signature	Fabookie Alert Create hunting rule
File size:	405'504 bytes
First seen:	2024-01-16 03:43:56 UTC
Last seen:	2024-01-16 05:20:45 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	96cc98468ed325b3857363887597bc67 (20 x Fabookie)
ssdeep	1536:XyK9MKyCC4UuOCWqeyGaOi2K+Sm6uCWqe+aOi2K+Sm6uuCuCWqeyGaOi2K+Sm6u9:XX9MLxuBXnAYy4AZ6qevcgJFW
Threatray	623 similar samples on MalwareBazaar
TLSH	T14B84DD64F0B6ECB3DA126B7039FCF91C91AD71551386868E365AF0B692D330031DDBA9
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10523/12/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	e0c6dfa5aeebcbdc (20 x Fabookie, 2 x AsyncRAT)
Reporter	zbetcheckin
Tags:	64 exe Fabookie

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

339

Origin country :

FR

Vendor Threat Intelligence

ANY.RUN smoke

Malware family:

smoke

Alert

Create hunting rule

ID:

1

File name:

New Text Document.bin.exe

Verdict:

Malicious activity

Analysis date:

2024-01-16 19:38:50 UTC

Tags:

loader opendir ducktail hausbomber stealer stealc risepro evasion miner smoke smokeloader trojan glupteba vodkagats vidar zgrat pureminer rhadamanthys ransomware stop formbook xloader amadey botnet spyware redline xmrig pureloader purecrypter kelihos quasar fabookie lumma raccoonclipper phishing payload rat asyncrat remote

Link:

https://app.any.run/tasks/6b79a8ed-b6c9-4102-9c5d-1ed148f16f7d

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/471041/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Trojan.DownLoader46.47727.32416.18196.UNOFFICIAL

Alert

Create hunting rule

FileScan.IO Suspicious

Verdict:

Suspicious

Threat level:

  5/10

Confidence:

100%

Tags:

fabookie lolbin shell32

Link:

https://www.filescan.io/uploads/65a5fb833b363792f35a1b48/reports/274a030c-69ed-486a-aaa6-53b425841971/overview

Hybrid Analysis Win/malicious_confidence_60%

Verdict:

Malicious

Labled as:

Win/malicious_confidence_60%

Link:

https://www.hybrid-analysis.com/sample/0c9093975346591d7fe991ed8bd448d21aaeb1d65b7c48122a19624e0775d583

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Unknown

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/44955c03-06a6-423a-beca-c0207ede00cf

Joe Sandbox Fabookie

Result

Threat name:

Fabookie

Alert

Create hunting rule

Detection:

malicious

Classification:

troj.spyw

Score:

92 / 100

Link:

https://www.joesandbox.com/analysis/1375137

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

93%

Verdict:

Malware

File Type:

PE

Link:

https://malprob.io/report/0c9093975346591d7fe991ed8bd448d21aaeb1d65b7c48122a19624e0775d583

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0c9093975346591d7fe991ed8bd448d21aaeb1d65b7c48122a19624e0775d583/

ReversingLabs TitaniumCloud Win64.Trojan.Swrort

Threat name:

Win64.Trojan.Swrort

Alert

Create hunting rule

Status:

Malicious

First seen:

2024-01-15 21:04:06 UTC

File Type:

PE+ (Exe)

Extracted files:

28

AV detection:

10 of 24 (41.67%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bsijhf2tizmr277jshwyxvci2ink5mowln6eqerkdfre4b3v2wbq._file

Threatray suspicious

Verdict:

suspicious

Similar samples:

0c9093975346591d7fe991ed8bd448d21aaeb1d65b7c48122a19624e0775d583

Fabookie

65ddb11683d2b3fd50168165aa0b50cd2cc7b7a3a64f8feb06ed50788bde5421

Fabookie

8302d62f0ccd3c416440e413b641e698172e5258c81f1271da5fa782c034cc15

Fabookie

86fa75701ac3d3e5d92623dcad4f2a190105e0613bcfef6b7df6b51db84a51a4

Fabookie

c313743bbe473242a6f3ffd64c64b00adf0137bd797869956c31e707c1b23a73

Fabookie

fb3826c5caf9c4ae35f4819410905fa6a19617272edee37d9341a69e64b8a73c

Fabookie

+ 613 additional samples on MalwareBazaar

Hatching Triage fabookie

Result

Malware family:

fabookie

Alert

Create hunting rule

Score:

  10/10

Tags:

family:fabookie spyware stealer

Link:

https://tria.ge/reports/240116-eagrksdea2/

Behaviour

Modifies system certificate store

Reads user/profile data of web browsers

Detect Fabookie payload

Fabookie

UnpacMe

Unpacked files

SH256 hash:

0c9093975346591d7fe991ed8bd448d21aaeb1d65b7c48122a19624e0775d583

MD5 hash:

34a7dbf9c978714dd0679079c5445a10

SHA1 hash:

476cebbf6d7a39ef3dd96e8d2d1d4684fb03faab

Link:

https://www.unpac.me/results/bd70eb9b-e7be-41dc-aa73-18913363a401/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/0c9093975346591d7fe991ed8bd448d21aaeb1d65b7c48122a19624e0775d583

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

exe 0c9093975346591d7fe991ed8bd448d21aaeb1d65b7c48122a19624e0775d583

(this sample)

  

Delivery method

Distributed via web download

  

URLhaus

https://urlhaus.abuse.ch/url/2748949/

Cape

https://www.capesandbox.com/analysis/471041/

Comments

---

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2024-01-16 03:43:57 UTC

url : hxxp://ji.alie3ksgdd.com/ef/rty27.exe