MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3945f9e4b33ca4afbaac6778951fed079a5d3a630159038c5dfd9e55f550d2d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	3945f9e4b33ca4afbaac6778951fed079a5d3a630159038c5dfd9e55f550d2d5
SHA3-384 hash:	661e8f377883a5167b1fb9a6729e8588d1b065a1291efca7251ebff35f802d6b2e24e429c9b304418ef5b2674819ef1b
SHA1 hash:	1e1ee8c1682b4fd2d9292c2c45839613ccf763f3
MD5 hash:	658a6956c689d51ee4caeb77892d364d
humanhash:	uncle-jersey-floor-sixteen
File name:	658a6956c689d51ee4caeb77892d364d.exe
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	426'496 bytes
First seen:	2023-05-24 15:41:32 UTC
Last seen:	2023-05-25 12:01:23 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	87e07f586456c6f86711e4a0d5b2636d (1 x Fabookie)
ssdeep	6144:jy0P7sQLwciHM5oiT4MKlz3IVJ3GxerEhgVIXFM:jnnUcAyVrKGjierLIX
TLSH	T168941849FB7408B5D096C531CDBE8376E272BC831B25930B8641FF5E2FF362169A9681
TrID	78.7% (.CPL) Windows Control Panel Item (generic) (197083/11/60) 6.6% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 5.2% (.SCR) Windows screen saver (13097/50/3) 4.2% (.EXE) Win64 Executable (generic) (10523/12/4) 2.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):
dhash icon	04dcd4c282e0f000 (37 x Fabookie)
Reporter	abuse_ch
Tags:	exe Fabookie

Intelligence

File Origin

# of uploads :

# of downloads :

241

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

658a6956c689d51ee4caeb77892d364d.exe

Verdict:

No threats detected

Analysis date:

2023-05-24 15:42:21 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/2e20b04a-f218-4ece-a6ff-b455576f5459

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/391204/

Detection(s):

SecuriteInfo.com.Win64.Trojan-gen.16990.810.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

DNS request

Sending a custom TCP request

Query of malicious DNS domain

Sending an HTTP GET request to an infection source

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/87728/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

EvasionQueryPerformanceCounter

EvasionGetTickCount

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

evasive greyware lolbin shell32.dll

Link:

https://www.filescan.io/uploads/646e304b34dbd150fa629c03/reports/a1b46e5d-ac1b-43ae-a7ae-16c46dab73b2/overview

Verdict:

Malicious

Labled as:

Win64/TrojanDownloader.Agent

Link:

https://www.hybrid-analysis.com/sample/3945f9e4b33ca4afbaac6778951fed079a5d3a630159038c5dfd9e55f550d2d5

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/1f67000e-dd34-4c15-8676-c9aed6e18a62

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

troj.spyw.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1241828

Signature

Antivirus detection for URL or domain

Detected unpacking (creates a PE file in dynamic memory)

Found stalling execution ending in API Sleep call

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3945f9e4b33ca4afbaac6778951fed079a5d3a630159038c5dfd9e55f550d2d5/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2023-05-24 15:42:05 UTC

File Type:

PE+ (Exe)

Extracted files:

109

AV detection:

12 of 36 (33.33%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=hfc7tzfthssk7ovmm54jkh7na6nf2otdafmqhdc57wpfl5kq2lkq._file

Verdict:

unknown

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer

Link:

https://tria.ge/reports/230524-s5bqpsdf6t/

Behaviour

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

3945f9e4b33ca4afbaac6778951fed079a5d3a630159038c5dfd9e55f550d2d5

MD5 hash:

658a6956c689d51ee4caeb77892d364d

SHA1 hash:

1e1ee8c1682b4fd2d9292c2c45839613ccf763f3

Link:

https://www.unpac.me/results/c1911bcc-dfb7-474e-830c-353b8d94d400/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/3945f9e4b33ca4afbaac6778951fed079a5d3a630159038c5dfd9e55f550d2d5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

exe 3945f9e4b33ca4afbaac6778951fed079a5d3a630159038c5dfd9e55f550d2d5

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2639010/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/391204/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample