MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d4ebdd3f3d5c24f02af85e78b2cef91425766ce335fa69462c65094b4d48a81. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	2d4ebdd3f3d5c24f02af85e78b2cef91425766ce335fa69462c65094b4d48a81
SHA3-384 hash:	2a6f9945d7fb153eb061cf1ac01d4209a4103a68707067ae187d6d406283f581a8647a11af001a851c0e8af9bb329387
SHA1 hash:	a799c61a6b72ace7ec16eb65280e0e90dfb0c57b
MD5 hash:	a89c0a2ce14cc78580e9eb85ac438cfb
humanhash:	oranges-black-twenty-asparagus
File name:	file
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	305'664 bytes
First seen:	2023-07-11 11:19:33 UTC
Last seen:	2023-07-12 11:25:53 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	5f7cc0f5167c2e87d5d2573013f2660f (11 x Fabookie)
ssdeep	6144:kXgHxqtUxCE2kWCZ3j9Z0CIiiNmpxyN90vE:MgHxq3EVBkCIFWy90
Threatray	321 similar samples on MalwareBazaar
TLSH	T1E2544912AB25DFB8F0C7C8B6BD70410218E8B4087758B57E96CDCC751A3BC51ADB5AB2
TrID	31.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 24.5% (.SCR) Windows screen saver (13097/50/3) 19.7% (.EXE) Win64 Executable (generic) (10523/12/4) 9.4% (.EXE) Win16 NE executable (generic) (5038/12/1) 3.8% (.ICL) Windows Icons Library (generic) (2059/9)
File icon (PE):
dhash icon	f8f0f4c8c8c8d8f0 (8'803 x RedLineStealer, 5'078 x Amadey, 288 x Smoke Loader)
Reporter	andretavare5
Tags:	exe Fabookie

andretavare5

Sample downloaded from http://zzz.fhauiehgha.com/m/okka25.exe

Intelligence

File Origin

# of uploads :

# of downloads :

297

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

Malicious activity

Analysis date:

2023-07-11 11:20:13 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/a1d12707-5709-4479-8620-e679dfcf42e6

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/415583/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Sending a custom TCP request

Query of malicious DNS domain

Sending an HTTP GET request to an infection source

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/97141/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

EvasionQueryPerformanceCounter

EvasionGetTickCount

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

lolbin msiexec packed shell32

Link:

https://www.filescan.io/uploads/64ad3ae457d1eb6a904efd06/reports/95c4e4f6-eaff-4d05-9a7a-7c4caaa60634/overview

Verdict:

Suspicious

Labled as:

Trojan.Win64.Genus

Link:

https://www.hybrid-analysis.com/sample/2d4ebdd3f3d5c24f02af85e78b2cef91425766ce335fa69462c65094b4d48a81

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/145a42af-cd81-4397-858f-a0145e406381

Result

Threat name:

n/a

Detection:

malicious

Classification:

spyw.evad

Score:

92 / 100

Link:

https://www.joesandbox.com/analysis/1270813

Signature

Antivirus detection for URL or domain

Contains functionality to steal Chrome passwords or cookies

Detected unpacking (creates a PE file in dynamic memory)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Windows Update Standalone Installer command line found (may be used to bypass UAC)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2d4ebdd3f3d5c24f02af85e78b2cef91425766ce335fa69462c65094b4d48a81/

Threat name:

Win64.Trojan.Privateloader

Status:

Suspicious

First seen:

2023-07-11 11:20:11 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

10 of 23 (43.48%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=fvhl3u7t2xbe6avpqxtywlhpsfbfozwognp2nfdcyzijjngurkaq._file

Verdict:

suspicious

Result

Malware family:

fabookie

Score:

10/10

Tags:

family:fabookie spyware stealer

Link:

https://tria.ge/reports/230711-nfezlsgf76/

Behaviour

Reads user/profile data of web browsers

Detect Fabookie payload

Fabookie

Unpacked files

SH256 hash:

2d4ebdd3f3d5c24f02af85e78b2cef91425766ce335fa69462c65094b4d48a81

MD5 hash:

a89c0a2ce14cc78580e9eb85ac438cfb

SHA1 hash:

a799c61a6b72ace7ec16eb65280e0e90dfb0c57b

Link:

https://www.unpac.me/results/6fe60ce9-a777-418f-afb0-59bff89c10ae/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

Cape

https://www.capesandbox.com/analysis/415583/

URLhaus

https://urlhaus.abuse.ch/url/2679042/

URLhaus

https://urlhaus.abuse.ch/url/2672595/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample