MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0dc83df593b8ec9698909683e09059767e7c141a9c3585ea6eafac7f24981a25. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0dc83df593b8ec9698909683e09059767e7c141a9c3585ea6eafac7f24981a25
SHA3-384 hash: 2425b1ca848daaa874e13e931ccc01c9420500c600dcc516fa1d2e97409a309f8d358f44ffbd74148a42564a87bd91fb
SHA1 hash: d44f8bc6fe4b425470061a110a6df1bd6ba3231a
MD5 hash: 20527695866bca0bfc6eac1fe60e7fb8
humanhash: helium-fanta-skylark-monkey
File name:file
Download: download sample
Signature Fabookie
Create hunting rule
File size:250'880 bytes
First seen:2023-07-03 00:12:37 UTC
Last seen:2023-07-04 03:00:29 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9fc536475d83b8af187b6bb597df0e0c (3 x Fabookie)
ssdeep 6144:dTG3HW77/IpsZAoovGTeTav5LeNDGOb+asE:dT7K4eTav5Lyb
Threatray 291 similar samples on MalwareBazaar
TLSH T163349D46F75400B8C03BC57AC9928755DBB2F82567344BCB8374DBAA1F237E18A3EA15
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon d4f8f8f8f4f0ecd4 (3 x Fabookie, 2 x CoinMiner)
Reporter andretavare5
Tags:exe Fabookie


Avatar
andretavare5
Sample downloaded from http://zzz.fhauiehgha.com/m/okka25.exe

Intelligence

File Origin
# of uploads :
30
# of downloads :
246
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2023-07-03 04:20:47 UTC
Tags:
fabookie
Link:
https://app.any.run/tasks/11f4631b-90b3-4c68-b903-5b777b175fa5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/405536/
Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
advpack control greyware lolbin makecab packed
Link:
https://www.filescan.io/uploads/64a2128d1a035eeff9b3bc59/reports/5a53aa71-d4b4-41eb-8210-9a223f9c6273/overview
Verdict:
Malicious
Labled as:
Trojan.Win64.Agent
Link:
https://www.hybrid-analysis.com/sample/0dc83df593b8ec9698909683e09059767e7c141a9c3585ea6eafac7f24981a25
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/2c4d5131-d035-4d21-aa1c-c3f795023a9d
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1265324
Signature
Contains functionality to steal Chrome passwords or cookies
Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0dc83df593b8ec9698909683e09059767e7c141a9c3585ea6eafac7f24981a25/
Threat name:
Win64.Trojan.Privateloader
Create hunting rule
Status:
Suspicious
First seen:
2023-07-03 00:13:03 UTC
File Type:
PE+ (Exe)
Extracted files:
22
AV detection:
7 of 24 (29.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bxed35mtxdwjngeqs2b6beczoz7hyfa2tq2yl2tov6wh6jeydisq._file
Verdict:
suspicious
Similar samples:
0f01971fcbe3a469d0bc8b09743a765696ebe8a6a8fa0166c39cef761105be92
Fabookie
14085e7716a8c98724dce8e2d19c371867064764a8088373e0d0d3d7bb3982a3
Fabookie
155dd3b4d2665fc6486167b4f8ee758f5a848039216c76614ebf3167990e9ec6
Fabookie
274f5d3d6967d77475ceee848a0dff2cfc9993923861de020e3856bd54ba8fc7
Fabookie
4f2f8e8f530beb89c23e7a43a6a82498bd44739688e273f3ea4e4dde4aea38ed
Fabookie
562a4a69963a30bd48803e9746c8db6749f88397bb34f76c686643205f787138
Fabookie
922eaabfa10ed3e5b647a39480f654866f4d4daff57fbda4adc0b3a91a9b4df5
Fabookie
ab6de16c8b725a28c0bb84d4d88daa9a287715c6f42fb1f9949eff2d12f7ddb9
Fabookie
ba85ef6668b8a930e39c0f5988187d1931209706999c70aba86a635ac8c5086f
Fabookie
c24dc008827ad34ac3465f1af91e84fecee078966d5035dc0d4e43e58204eea3
Fabookie
+ 281 additional samples on MalwareBazaar
Result
Malware family:
fabookie
Create hunting rule
Score:
  10/10
Tags:
family:fabookie spyware stealer
Link:
https://tria.ge/reports/230703-ahqx1aeb22/
Behaviour
Modifies system certificate store
Reads user/profile data of web browsers
Detect Fabookie payload
Fabookie
Unpacked files
SH256 hash:
0dc83df593b8ec9698909683e09059767e7c141a9c3585ea6eafac7f24981a25
MD5 hash:
20527695866bca0bfc6eac1fe60e7fb8
SHA1 hash:
d44f8bc6fe4b425470061a110a6df1bd6ba3231a
Link:
https://www.unpac.me/results/0e705860-63d8-42b4-a17a-6f7deb99bc84/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0dc83df593b8ec9698909683e09059767e7c141a9c3585ea6eafac7f24981a25

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
  
URLhaus
https://urlhaus.abuse.ch/url/2672595/
Cape
Cape
https://www.capesandbox.com/analysis/405536/

Comments