MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 49ca0f0aff36c0315c4ef4634fe1b9ecccfc2044675b82d6f4b7cca7d3222c76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 49ca0f0aff36c0315c4ef4634fe1b9ecccfc2044675b82d6f4b7cca7d3222c76
SHA3-384 hash: 7bc19f3e42d0e59e464d2b8663e4f99c1182f9865a7c9dc699531010ccc116ecc201e837d36cf29229495ef0d5c45341
SHA1 hash: 7a35ea3f5cfe691b697d05ae9d572905b499b02a
MD5 hash: b34eee9addc5a27131585398110ae015
humanhash: sad-low-eighteen-march
File name:file
Download: download sample
Signature Fabookie
Create hunting rule
File size:342'016 bytes
First seen:2023-06-01 05:45:17 UTC
Last seen:2023-06-01 05:46:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 96dc087b97a7c4da2594e3d13a391dac (2 x Fabookie)
ssdeep 6144:2FH8RIT6Fam4StJ3CXDW49wX7SkD4PiaODgKYleQ4vmP:2WdIXDzCd7M5P
Threatray 168 similar samples on MalwareBazaar
TLSH T1B0742981B3DA4038E072C679CEB18363EA767C155B3096DF07609E6A6E73BE0D531B25
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon 70ccc9b3a9cce070 (19 x Fabookie, 3 x XFilesStealer, 1 x Pony)
Reporter andretavare5
Tags:exe Fabookie


Avatar
andretavare5
Sample downloaded from http://ji.jahhaega2qq.com/m/p0aw25.exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
236
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
No threats detected
Analysis date:
2023-06-01 05:47:25 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d28803e4-3699-4774-a002-31426465b30f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/394278/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.67331799.31918.7645.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
DNS request
Sending a custom TCP request
Query of malicious DNS domain
Sending an HTTP GET request to an infection source
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware keylogger lolbin shell32.dll
Link:
https://www.filescan.io/uploads/6478309c564b36a8ca343587/reports/5220e34e-cd35-4a3c-886a-09e29c2b55eb/overview
Verdict:
Malicious
Labled as:
Win64/TrojanDownloader.Agent
Link:
https://www.hybrid-analysis.com/sample/49ca0f0aff36c0315c4ef4634fe1b9ecccfc2044675b82d6f4b7cca7d3222c76
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/afe8ec15-d713-4f98-a516-bc928311be1d
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1246574
Signature
Found stalling execution ending in API Sleep call
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/49ca0f0aff36c0315c4ef4634fe1b9ecccfc2044675b82d6f4b7cca7d3222c76/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-05-31 20:40:02 UTC
File Type:
PE+ (Exe)
Extracted files:
24
AV detection:
11 of 36 (30.56%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jhfa6cx7g3adcxco6rru7ynz5tgpyicem5nyfvxuw7gkpuzcfr3a._file
Verdict:
malicious
Similar samples:
0c60fafaf1c7b0309eac08f4e87058a3ab17bbfd1f856275cce8209473367e51
Fabookie
1a8a82f87a9a7cd4b981fc23f41f5a914d630b6e51f7a535637b87b4334343d9
Fabookie
2f463640ede2ba652be4fbadf180af9b992917a4100e702c518405ac9ebe3aa6
Fabookie
541e2f4a8031bf40bf3e37f578ebbdfa62983a92737dfae5fc9c2bc333108a5a
Fabookie
5a663240a0115fcd75f41e48212617143d519faf621150ec0d8281053894f426
Fabookie
83c17cee1126133f3fa7ebb6b8de7ca408dd717fb2d7d743ba1ec9c5333bc951
Fabookie
8e2bc926874b92b005f0b888b096ed4e4a4c7a44b2cc3c02a3dbfb734995d129
Fabookie
b17e2998043a66e679e3715f5651854692c9af593b3c656acefead782118ccdf
Fabookie
eae4b77ea1c206dc0a5fd6c0f34d2eae940b8fd20558aadf67ae4481099db184
Fabookie
ff938a0fd6ce680b7dd06af89b87a4d2b69cfcbf042e783c4f483cbf9dfd653a
Fabookie
+ 158 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/230601-ggamyscg76/
Behaviour
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
49ca0f0aff36c0315c4ef4634fe1b9ecccfc2044675b82d6f4b7cca7d3222c76
MD5 hash:
b34eee9addc5a27131585398110ae015
SHA1 hash:
7a35ea3f5cfe691b697d05ae9d572905b499b02a
Link:
https://www.unpac.me/results/18fb6ab6-1c75-4eff-a61f-c2c1e414aac3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/49ca0f0aff36c0315c4ef4634fe1b9ecccfc2044675b82d6f4b7cca7d3222c76

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
  
URLhaus
https://urlhaus.abuse.ch/url/2644855/
Cape
Cape
https://www.capesandbox.com/analysis/394278/

Comments