MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 274f5d3d6967d77475ceee848a0dff2cfc9993923861de020e3856bd54ba8fc7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 274f5d3d6967d77475ceee848a0dff2cfc9993923861de020e3856bd54ba8fc7
SHA3-384 hash: bb3c828bdb0696dafa9f5a099fcb648db08e3d057cfac41a74d096738ce4d74db56057a739e5d38f9406d3eea3ee8608
SHA1 hash: 4c37dcb21172e28a1933953dfd20d77f58148bab
MD5 hash: e83efdb43dc0a53378ccddbd91cb721f
humanhash: orange-maryland-triple-lithium
File name:file
Download: download sample
Signature Fabookie
Create hunting rule
File size:605'184 bytes
First seen:2023-07-01 09:05:07 UTC
Last seen:2023-07-02 08:03:13 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4673ad56625d375f2efee239af061364 (21 x Fabookie)
ssdeep 12288:Q72WwSPjvuL8XM3lRkRc4YFwjsWAfRgantPbcTTn7axerx7:wwSPr6WM3/kRc4lAgantPbcHn7a
Threatray 285 similar samples on MalwareBazaar
TLSH T1CBD4D081B39095D9C4B88430C693CE71CA317C64DB28569BB6D4BB6F2F32AF16637316
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 60c8d86aec66d4f0 (24 x Fabookie, 1 x DanaBot)
Reporter andretavare5
Tags:exe Fabookie


Avatar
andretavare5
Sample downloaded from http://zzz.fhauiehgha.com/m/okka25.exe

Intelligence

File Origin
# of uploads :
29
# of downloads :
279
Origin country :
US US
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
https://bthp.com.pk/download/File_pass1234.7z
Verdict:
Malicious activity
Analysis date:
2023-07-01 09:46:42 UTC
Tags:
privateloader opendir loader rat redline fabookie gcleaner amadey trojan smoke evasion ransomware stop stealer vidar arkei
Link:
https://app.any.run/tasks/1cd11df0-4f7f-4b1b-8af9-36a98ddaac5d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/404834/
Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
lolbin shell32
Link:
https://www.filescan.io/uploads/649fec7ae546ae296105131b/reports/fc11dc9e-b2ff-459a-8446-24c74ccde408/overview
Verdict:
Malicious
Labled as:
Win64/TrojanDownloader.Agent
Link:
https://www.hybrid-analysis.com/sample/274f5d3d6967d77475ceee848a0dff2cfc9993923861de020e3856bd54ba8fc7
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/41435a13-a002-4c65-969b-26e721f2879c
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1264443
Signature
Contains functionality to steal Chrome passwords or cookies
Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/274f5d3d6967d77475ceee848a0dff2cfc9993923861de020e3856bd54ba8fc7/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=e5hv2pljm7lxi5oo52ciudp7ft6jte4shbq54aqohbll2vf2r7dq._file
Verdict:
suspicious
Similar samples:
0f01971fcbe3a469d0bc8b09743a765696ebe8a6a8fa0166c39cef761105be92
Fabookie
14085e7716a8c98724dce8e2d19c371867064764a8088373e0d0d3d7bb3982a3
Fabookie
155dd3b4d2665fc6486167b4f8ee758f5a848039216c76614ebf3167990e9ec6
Fabookie
426d32b2eb4b85ee5ecca83bbc7afe89cd5774110e2bfdb3189c20fdae04e86e
Fabookie
4f2f8e8f530beb89c23e7a43a6a82498bd44739688e273f3ea4e4dde4aea38ed
Fabookie
ab6de16c8b725a28c0bb84d4d88daa9a287715c6f42fb1f9949eff2d12f7ddb9
Fabookie
ba85ef6668b8a930e39c0f5988187d1931209706999c70aba86a635ac8c5086f
Fabookie
bcaff58e4efc3c80c7a401686a5e9acbd13d265ace38bef195e7ee6380ffbf23
Fabookie
c15796facdf9378bda2c0a972f8650e58cd3e35e582548c18bc70d046a55d520
Fabookie
c24dc008827ad34ac3465f1af91e84fecee078966d5035dc0d4e43e58204eea3
Fabookie
+ 275 additional samples on MalwareBazaar
Result
Malware family:
fabookie
Create hunting rule
Score:
  10/10
Tags:
family:fabookie spyware stealer
Link:
https://tria.ge/reports/230701-k2qfpage76/
Behaviour
Modifies system certificate store
Reads user/profile data of web browsers
Detect Fabookie payload
Fabookie
Unpacked files
SH256 hash:
274f5d3d6967d77475ceee848a0dff2cfc9993923861de020e3856bd54ba8fc7
MD5 hash:
e83efdb43dc0a53378ccddbd91cb721f
SHA1 hash:
4c37dcb21172e28a1933953dfd20d77f58148bab
Link:
https://www.unpac.me/results/0260faab-98b6-4f8f-bd62-807d567b8609/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/274f5d3d6967d77475ceee848a0dff2cfc9993923861de020e3856bd54ba8fc7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
  
URLhaus
https://urlhaus.abuse.ch/url/2672595/
Cape
Cape
https://www.capesandbox.com/analysis/404834/

Comments