MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a8b6a3e837ed8d977973cc385a5cda8ef78157994323d152e157eea714d05ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4a8b6a3e837ed8d977973cc385a5cda8ef78157994323d152e157eea714d05ad
SHA3-384 hash: 3efd2cfa6dc53cf3d26763b89996ee8852eec70761f3980548815126d70de8383e25c6d83e47550e8fad17f3c67977cb
SHA1 hash: c0e321af9370dbe199b8b45d6043073088f72437
MD5 hash: 93f4f114539d62327f03c6c49f3c12e8
humanhash: jersey-harry-lake-eight
File name:93f4f114539d62327f03c6c49f3c12e8.exe
Download: download sample
Signature Fabookie
Create hunting rule
File size:669'229 bytes
First seen:2023-08-13 07:53:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a7a19cad0c2c193feb43fc00c1b6b502 (17 x Fabookie)
ssdeep 12288:wcdtP2eKp/lCtd8l8tawD1U2bBrJAxveI5uYkQSY:RO3/lIt1hXbBrWxv01Y
Threatray 433 similar samples on MalwareBazaar
TLSH T1B2E4BF156FB918B7C017B83B0C6D45914B337C13162783F7A496FEAC4EFB6E98066922
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 71f0e0e8c8c4e871 (2 x Fabookie)
Reporter abuse_ch
Tags:exe Fabookie

Intelligence

File Origin
# of uploads :
1
# of downloads :
263
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
93f4f114539d62327f03c6c49f3c12e8.exe
Verdict:
Malicious activity
Analysis date:
2023-08-13 08:13:39 UTC
Tags:
payload fabookie stealer
Link:
https://app.any.run/tasks/f0bf0894-259b-4bf9-af4c-1c8ab26af563

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/442471/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.68664761.10955.12882.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
DNS request
Sending an HTTP GET request
Query of malicious DNS domain
Sending an HTTP GET request to an infection source
Gathering data
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/4a8b6a3e837ed8d977973cc385a5cda8ef78157994323d152e157eea714d05ad
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/2efa8dcc-fe5d-44c7-95cf-2f1d76f203d8
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1290630
Signature
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4a8b6a3e837ed8d977973cc385a5cda8ef78157994323d152e157eea714d05ad/
Threat name:
Win64.Trojan.Swrort
Create hunting rule
Status:
Malicious
First seen:
2023-08-12 07:29:11 UTC
File Type:
PE+ (Exe)
Extracted files:
29
AV detection:
17 of 38 (44.74%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jkfwupudp3mns54xhtbyljonvdxxqflzsqzd2fjocv7ou4knawwq._file
Verdict:
malicious
Similar samples:
05229eb55c61b01e7b7b9decd04435bc7fde4991b4430549bc7c64882eff63d8
Fabookie
0bc3689575acffde20abb2ff8db97b9698b07fc0e2f64a04ef10dea26fe64d87
Fabookie
2a4bbe018dc6c5d1af64a4773bd8a7fccba71d19780177308b29b2abea4d33e1
Fabookie
3995ed61d4b3901bfacb5a8d36500664c1145c6287f8eba5f0077ef1b780355c
Fabookie
8a2e061b3b38dff83f62982a6b0087e5c4ea1c47192bf0ac2f8f67397636b164
Fabookie
ac4620769b15f5a7ccbeda9891ab788e46fe418e8129b2d54a64452467ac9eb0
Fabookie
bb1aa29dca7c55add0bd5e53c735645b5cd0d5ab5105fd412026fa2c69e06191
Fabookie
c9dbc567a9764bc8e3daef054db96a7b8074b1855370f558d2ee5d859e705485
Fabookie
ca26e44c17842303c3960abd21b966ede71d30a2f1100f72580a863f5993e28e
Fabookie
fec5e8cb13f8418df2d3c2188c40eb2844084b02bdd9f2a899690b3a7b25986c
Fabookie
+ 423 additional samples on MalwareBazaar
Result
Malware family:
fabookie
Create hunting rule
Score:
  10/10
Tags:
family:fabookie spyware stealer
Link:
https://tria.ge/reports/230813-jrjpqabh2t/
Behaviour
Reads user/profile data of web browsers
Detect Fabookie payload
Fabookie
Unpacked files
SH256 hash:
4a8b6a3e837ed8d977973cc385a5cda8ef78157994323d152e157eea714d05ad
MD5 hash:
93f4f114539d62327f03c6c49f3c12e8
SHA1 hash:
c0e321af9370dbe199b8b45d6043073088f72437
Link:
https://www.unpac.me/results/cef60508-57eb-496b-8dce-3b223699ab6c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4a8b6a3e837ed8d977973cc385a5cda8ef78157994323d152e157eea714d05ad

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

Executable exe 4a8b6a3e837ed8d977973cc385a5cda8ef78157994323d152e157eea714d05ad

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2642466/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/442471/

Comments