MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 340a91310668a5a9ee94404f9bec196f180c6ea1c3a47124614918e02c480d40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 340a91310668a5a9ee94404f9bec196f180c6ea1c3a47124614918e02c480d40
SHA3-384 hash: 57dc0b430b1b83eedad8622aa8f46c6f4aea76f5923b1b3760a6f44e8c0926284cb3a4f2e81ea3da3230eef701588d8c
SHA1 hash: 7bb5280cb241c3f71c5d3f68cc18bf17f549bdda
MD5 hash: 72fa10bd951a660d3b64696d0ce2398a
humanhash: yankee-lactose-utah-wolfram
File name:file
Download: download sample
Signature Fabookie
Create hunting rule
File size:690'176 bytes
First seen:2023-05-26 22:35:25 UTC
Last seen:2023-05-28 00:17:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 415314d0031f15135fbc02f2ca18bb2f (2 x Fabookie)
ssdeep 6144:KvY7uKa7GjX7jpbERxpp521t+6mslnCUGwfxIRLtxIRLuovZ3H3AdKy9HGeofJgG:3/04rlwppx6mDaooojmN
TLSH T115E4F600E5410452CC9F5F7A8A639A35A7733D62BF07979B3208B6763A336D16B71B83
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 38c886ac89e0e260 (2 x Fabookie)
Reporter andretavare5
Tags:exe Fabookie


Avatar
andretavare5
Sample downloaded from http://nkfd.jahhaega2pp.com/m/llaa25.exe

Intelligence

File Origin
# of uploads :
4
# of downloads :
261
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
No threats detected
Analysis date:
2023-05-26 22:37:07 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d0049ce1-f97a-4460-8f42-567e89a096e5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/392285/
Detection(s):
SecuriteInfo.com.Win64.Trojan-gen.10357.21426.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Query of malicious DNS domain
Sending an HTTP GET request to an infection source
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/88061/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug anti-vm hacktool keylogger
Link:
https://www.filescan.io/uploads/6471345415b32f900f5f2ddc/reports/47b00511-e6a6-4bfb-bac6-daa80e44404b/overview
Verdict:
Malicious
Labled as:
Win64/TrojanDownloader.Agent
Link:
https://www.hybrid-analysis.com/sample/340a91310668a5a9ee94404f9bec196f180c6ea1c3a47124614918e02c480d40
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Fabookie
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3e2ba19c-7c76-4155-ab31-ab537bc82d05
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1243513
Signature
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/340a91310668a5a9ee94404f9bec196f180c6ea1c3a47124614918e02c480d40/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-05-26 19:33:38 UTC
File Type:
PE+ (Exe)
Extracted files:
58
AV detection:
12 of 23 (52.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gqfjcmigncs2t3uuibhzx3azn4may3vbyoshcjdbjemoalcibvaa._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/230526-2h8atshd93/
Behaviour
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
340a91310668a5a9ee94404f9bec196f180c6ea1c3a47124614918e02c480d40
MD5 hash:
72fa10bd951a660d3b64696d0ce2398a
SHA1 hash:
7bb5280cb241c3f71c5d3f68cc18bf17f549bdda
Link:
https://www.unpac.me/results/e21ad91a-d47b-41a9-9192-ffbc94537e09/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/340a91310668a5a9ee94404f9bec196f180c6ea1c3a47124614918e02c480d40

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
  
URLhaus
https://urlhaus.abuse.ch/url/2639010/
Cape
Cape
https://www.capesandbox.com/analysis/392285/
  
URLhaus
https://urlhaus.abuse.ch/url/2642850/

Comments