MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a8b6a3e837ed8d977973cc385a5cda8ef78157994323d152e157eea714d05ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Fabookie


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments

SHA256 hash: 4a8b6a3e837ed8d977973cc385a5cda8ef78157994323d152e157eea714d05ad
SHA3-384 hash: 3efd2cfa6dc53cf3d26763b89996ee8852eec70761f3980548815126d70de8383e25c6d83e47550e8fad17f3c67977cb
SHA1 hash: c0e321af9370dbe199b8b45d6043073088f72437
MD5 hash: 93f4f114539d62327f03c6c49f3c12e8
humanhash: jersey-harry-lake-eight
File name:93f4f114539d62327f03c6c49f3c12e8.exe
Download: download sample
Signature Fabookie
File size:669'229 bytes
First seen:2023-08-13 07:53:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a7a19cad0c2c193feb43fc00c1b6b502 (17 x Fabookie)
ssdeep 12288:wcdtP2eKp/lCtd8l8tawD1U2bBrJAxveI5uYkQSY:RO3/lIt1hXbBrWxv01Y
Threatray 433 similar samples on MalwareBazaar
TLSH T1B2E4BF156FB918B7C017B83B0C6D45914B337C13162783F7A496FEAC4EFB6E98066922
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 71f0e0e8c8c4e871 (2 x Fabookie)
Reporter abuse_ch
Tags:exe Fabookie

Intelligence


File Origin
# of uploads :
1
# of downloads :
264
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
93f4f114539d62327f03c6c49f3c12e8.exe
Verdict:
Malicious activity
Analysis date:
2023-08-13 08:13:39 UTC
Tags:
payload fabookie stealer

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
DNS request
Sending an HTTP GET request
Query of malicious DNS domain
Sending an HTTP GET request to an infection source
Gathering data
Result
Threat name:
Fabookie
Detection:
malicious
Classification:
troj.spyw
Score:
84 / 100
Signature
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Threat name:
Win64.Trojan.Swrort
Status:
Malicious
First seen:
2023-08-12 07:29:11 UTC
File Type:
PE+ (Exe)
Extracted files:
29
AV detection:
17 of 38 (44.74%)
Threat level:
  5/5
Result
Malware family:
fabookie
Score:
  10/10
Tags:
family:fabookie spyware stealer
Behaviour
Reads user/profile data of web browsers
Detect Fabookie payload
Fabookie
Unpacked files
SH256 hash:
4a8b6a3e837ed8d977973cc385a5cda8ef78157994323d152e157eea714d05ad
MD5 hash:
93f4f114539d62327f03c6c49f3c12e8
SHA1 hash:
c0e321af9370dbe199b8b45d6043073088f72437
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

Executable exe 4a8b6a3e837ed8d977973cc385a5cda8ef78157994323d152e157eea714d05ad

(this sample)

  
Delivery method
Distributed via web download

Comments