MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b208b3d04220f495f51714c22d8580859aceb25625d1129031c89bd772626fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	1b208b3d04220f495f51714c22d8580859aceb25625d1129031c89bd772626fc
SHA3-384 hash:	b9097791cc3f37d64c0eaba52c42e89a859510dd47fe6918d9d2b7dc29424c86a54a4c63f3d34840c3d9a51754181c80
SHA1 hash:	45ce446bd04a94967cf68fbb2b081e391339daff
MD5 hash:	2c7fa278f42d815a58d3e05d295f348c
humanhash:	victor-network-eighteen-nuts
File name:	file
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	378'880 bytes
First seen:	2023-05-21 00:38:03 UTC
Last seen:	2023-05-21 21:58:04 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	99782e0cdc1c7b57cdc2cde5daff70c0 (14 x Fabookie)
ssdeep	6144:iq3y9wUepfcisGiKrD8bFaggXWeuCvZEOHHrpm1XUZLxEZEOHHrpm1XUZLx:iA+wUep9vuChtLpm1EwtLpm1E
TLSH	T1BA844A2DFBA84476D163C57FD9B2E665D77238916F208BCB0212862F0E336D49939732
TrID	31.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 24.5% (.SCR) Windows screen saver (13097/50/3) 19.7% (.EXE) Win64 Executable (generic) (10523/12/4) 9.4% (.EXE) Win16 NE executable (generic) (5038/12/1) 3.8% (.ICL) Windows Icons Library (generic) (2059/9)
File icon (PE):
dhash icon	f2e2c2828298d870 (16 x Fabookie, 1 x AsyncRAT, 1 x CoinMiner)
Reporter	andretavare5
Tags:	exe Fabookie

andretavare5

Sample downloaded from http://kkfd.ase6gasdegoo.com/m/llaa25.exe

Intelligence

File Origin

# of uploads :

# of downloads :

250

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

No threats detected

Analysis date:

2023-05-21 00:41:07 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/db557a46-9c0d-4d7c-9a5f-b87c39045fd8

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

SecuriteInfo.com.W64.Agent.ZX.tr.15316.20368.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

DNS request

Sending an HTTP GET request

Sending a custom TCP request

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/86266/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

EvasionQueryPerformanceCounter

EvasionGetTickCount

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-vm lolbin packed setupapi.dll shell32.dll

Link:

https://www.filescan.io/uploads/646968274280adb5d910885a/reports/ad70ef91-d670-4ee4-a941-8889abc0e7de/overview

Verdict:

Suspicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/1b208b3d04220f495f51714c22d8580859aceb25625d1129031c89bd772626fc

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/fe69686b-1107-4d6a-98b0-a499b689b896

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

troj.spyw.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/1238363

Signature

Antivirus detection for URL or domain

Detected unpacking (creates a PE file in dynamic memory)

Found stalling execution ending in API Sleep call

Multi AV Scanner detection for domain / URL

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1b208b3d04220f495f51714c22d8580859aceb25625d1129031c89bd772626fc/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2023-05-20 15:20:11 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

7 of 24 (29.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=dmqiwpieeihusx2rofgcfwcybbm2z2zfmjorckiddse325zge36a._file

Verdict:

unknown

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer

Link:

https://tria.ge/reports/230521-ay4h2afc98/

Behaviour

Modifies system certificate store

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

1b208b3d04220f495f51714c22d8580859aceb25625d1129031c89bd772626fc

MD5 hash:

2c7fa278f42d815a58d3e05d295f348c

SHA1 hash:

45ce446bd04a94967cf68fbb2b081e391339daff

Link:

https://www.unpac.me/results/23c83446-2029-42b4-8efb-9ca5ff459b3d/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/1b208b3d04220f495f51714c22d8580859aceb25625d1129031c89bd772626fc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

URLhaus

https://urlhaus.abuse.ch/url/2636026/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample