MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a6b10636d9b2e8d224fe2c137592e1be01cbaf5b9b2b4d7dacb7a96edd7d7b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	4a6b10636d9b2e8d224fe2c137592e1be01cbaf5b9b2b4d7dacb7a96edd7d7b5
SHA3-384 hash:	77dbf1acccc35039010023f3ac50497685cd52b4993b37bf51d965ecfd5b784270a380015a04a3ff67c7653824626d95
SHA1 hash:	afa23db3a35650e11c40051908e917c8516483f9
MD5 hash:	62f82c1f3c1400d58ff47dd977d96ee2
humanhash:	april-beryllium-tennessee-orange
File name:	file
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	427'520 bytes
First seen:	2023-03-29 19:11:32 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ff082fef3d15cdd142534440e54d6a28 (30 x Fabookie)
ssdeep	6144:iy8P7sQLwciHM9iT4MKBz3I8JmGerEhgVIXFML:iznUcADrKi6ZerLIX
TLSH	T1E594F609FB7508B5D096C531CDBEC376E272BC835B25930B8241FF6E2EF36216969681
TrID	78.7% (.CPL) Windows Control Panel Item (generic) (197083/11/60) 6.6% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 5.2% (.SCR) Windows screen saver (13097/50/3) 4.2% (.EXE) Win64 Executable (generic) (10523/12/4) 2.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):
dhash icon	04dcd4c282e0f000 (37 x Fabookie)
Reporter	jstrosch
Tags:	exe Fabookie X64

Intelligence

File Origin

# of uploads :

# of downloads :

265

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

Malicious activity

Analysis date:

2023-03-29 19:18:20 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/e47604a1-c899-4464-b593-a1648e047954

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/378596/

Result

Verdict:

Malware

Maliciousness:

Behaviour

DNS request

Sending a custom TCP request

Query of malicious DNS domain

Sending an HTTP GET request to an infection source

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/75647/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

EvasionQueryPerformanceCounter

EvasionGetTickCount

Verdict:

No Threat

Threat level:

2/10

Confidence:

75%

Tags:

evasive greyware shell32.dll

Link:

https://www.filescan.io/uploads/64248d878e162174987d6a79/reports/8219f6ac-83d8-439c-aeed-eb329f4e4a96/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/4a6b10636d9b2e8d224fe2c137592e1be01cbaf5b9b2b4d7dacb7a96edd7d7b5

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/d97b4ce2-ce96-44e1-bbef-72c07678a0a8

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

troj.spyw.evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/1204630

Signature

Antivirus detection for URL or domain

Detected unpacking (creates a PE file in dynamic memory)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4a6b10636d9b2e8d224fe2c137592e1be01cbaf5b9b2b4d7dacb7a96edd7d7b5/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jjvray3ntmxi2isp4latowjodpqbzoxvxgzljv62zn5jn3ox262q._file

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer

Link:

https://tria.ge/reports/230329-xwh6msbc4t/

Behaviour

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

4a6b10636d9b2e8d224fe2c137592e1be01cbaf5b9b2b4d7dacb7a96edd7d7b5

MD5 hash:

62f82c1f3c1400d58ff47dd977d96ee2

SHA1 hash:

afa23db3a35650e11c40051908e917c8516483f9

Link:

https://www.unpac.me/results/d6042519-48d5-4ac6-ab33-ca65ccd1371b/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4a6b10636d9b2e8d224fe2c137592e1be01cbaf5b9b2b4d7dacb7a96edd7d7b5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

exe 4a6b10636d9b2e8d224fe2c137592e1be01cbaf5b9b2b4d7dacb7a96edd7d7b5

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2581804/

Cape

https://www.capesandbox.com/analysis/378596/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample