MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55fae777d74a76aa182ace8254102c0c5a312e22d28628ac56561d79d19fc95d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 9


Intelligence 9 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55fae777d74a76aa182ace8254102c0c5a312e22d28628ac56561d79d19fc95d
SHA3-384 hash: c49daae0d602bfe3d932dd12250f57236df41fb5b75d9b84129a2de12262467d9f37331e04bd9c66c7b5c6b7431116cc
SHA1 hash: ec6ad15861d2bf3ca3bea06e8dabb654fc0bd6c0
MD5 hash: ec26f3d39e4631f0b6aca3366bc3620a
humanhash: low-bravo-quiet-sad
File name:ec26f3d39e4631f0b6aca3366bc3620a.exe
Download: download sample
Signature Fabookie
Create hunting rule
File size:956'928 bytes
First seen:2023-06-27 06:58:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash de5ffdef0b7fe6105bfe44941d62fcd6 (7 x Fabookie)
ssdeep 12288:77214bUY0DpDE3T51qviizQBODAFZCYylk25ZERX7s5Zx5Z25ZO:H+3wT5kRzAFncToc5Yw
Threatray 258 similar samples on MalwareBazaar
TLSH T1B515AD4377548885E04D45348DABCBB9E6B17C207B2C43A773B2BB4F6E32AD16512F4A
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon fa6ada9a9ab0f8e0 (9 x Fabookie)
Reporter abuse_ch
Tags:exe Fabookie

Intelligence

File Origin
# of uploads :
1
# of downloads :
277
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
ec26f3d39e4631f0b6aca3366bc3620a.exe
Verdict:
Malicious activity
Analysis date:
2023-06-27 06:59:31 UTC
Tags:
fabookie
Link:
https://app.any.run/tasks/cc629258-2a30-4db3-b365-9a69e3802953

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/403139/
Detection(s):
SecuriteInfo.com.Win64.Malware-gen.20493.4394.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
keylogger lolbin shell32.dll
Link:
https://www.filescan.io/uploads/649a88b813624018c6cb4feb/reports/ef152e51-c177-4673-9db3-35abe539216c/overview
Verdict:
Malicious
Labled as:
Generik.BOEHFNO trojan
Link:
https://www.hybrid-analysis.com/sample/55fae777d74a76aa182ace8254102c0c5a312e22d28628ac56561d79d19fc95d
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/71e1f2ad-92bb-44a9-8da8-d92c483b244b
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1261861
Signature
Contains functionality to steal Chrome passwords or cookies
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/55fae777d74a76aa182ace8254102c0c5a312e22d28628ac56561d79d19fc95d/
Threat name:
Win64.Trojan.Fabookie
Create hunting rule
Status:
Malicious
First seen:
2023-06-26 23:37:20 UTC
File Type:
PE+ (Exe)
Extracted files:
407
AV detection:
12 of 36 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kx5oo56xjj3kugbkz2bfiebmbrndclrc2kdcrlcwkyoxtum7zfoq._file
Verdict:
suspicious
Similar samples:
2b21d02167f4e5bb4754d83bf9d69bcbd09b5a1507ab8045eaefb1980ecb989f
Fabookie
32baad0c616cbbb5bc145a6d746bed7f77c5131b0cc29b780cd8384816b78d23
Fabookie
4f2f8e8f530beb89c23e7a43a6a82498bd44739688e273f3ea4e4dde4aea38ed
Fabookie
62df74714cd81842088313cb600f935d37a851b7faffba085303346877ff2a9f
Fabookie
ba85ef6668b8a930e39c0f5988187d1931209706999c70aba86a635ac8c5086f
Fabookie
bb1aa29dca7c55add0bd5e53c735645b5cd0d5ab5105fd412026fa2c69e06191
Fabookie
bceba3b1d8dd231a77a017f46c807b30e50e1244f29628e09be6518598b1fb8f
Fabookie
c9dbc567a9764bc8e3daef054db96a7b8074b1855370f558d2ee5d859e705485
Fabookie
cf76ac64d1038d54fa178a67712a4916e021b6b381241b44c2ceed7428ba4692
Fabookie
fe51caf5491e7f38b524ed374c6c9701700a9fa9c8f950379424fae99de0ced2
Fabookie
+ 248 additional samples on MalwareBazaar
Result
Malware family:
fabookie
Create hunting rule
Score:
  10/10
Tags:
family:fabookie spyware stealer
Link:
https://tria.ge/reports/230627-hr3l6add27/
Behaviour
Suspicious behavior: EnumeratesProcesses
Reads user/profile data of web browsers
Detect Fabookie payload
Fabookie
Unpacked files
SH256 hash:
55fae777d74a76aa182ace8254102c0c5a312e22d28628ac56561d79d19fc95d
MD5 hash:
ec26f3d39e4631f0b6aca3366bc3620a
SHA1 hash:
ec6ad15861d2bf3ca3bea06e8dabb654fc0bd6c0
Link:
https://www.unpac.me/results/fd5c56f4-ebf0-4f3f-8e6f-2eb2e971245b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/55fae777d74a76aa182ace8254102c0c5a312e22d28628ac56561d79d19fc95d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
Create hunting rule
Author:ditekSHen
Description:Detects executables containing SQL queries to confidential data stores. Observed in infostealers
Rule name:malware_shellcode_hash
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect shellcode api hash value

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

Executable exe 55fae777d74a76aa182ace8254102c0c5a312e22d28628ac56561d79d19fc95d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2642466/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/403139/

Comments