MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b9c530caaf6fd3bfc8244985d1e88c03042a73c55dd97745ea749c32ca6b8e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5b9c530caaf6fd3bfc8244985d1e88c03042a73c55dd97745ea749c32ca6b8e0
SHA3-384 hash: ef54395f19b75067848a9fd25bfe35d8fcac9feec60953c672d9b1d690e90b2b367d7868ade739fd7e721a14bd5c526e
SHA1 hash: 590804a9ff46cd741d744c08b1b3206d6a1d174f
MD5 hash: dca90df826b6480abf70e86501026fef
humanhash: alanine-oven-mango-october
File name:file
Download: download sample
Signature Fabookie
Create hunting rule
File size:425'472 bytes
First seen:2023-06-14 18:22:16 UTC
Last seen:2023-06-15 11:42:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 67b7b2d1b0bb5ded11518dee2d176bb5 (1 x Fabookie)
ssdeep 6144:fywNPsQLwc3HMp4iT4MKLz3I8JMGxerEhgVIXFM:fX1Uc3eFrKo6DerLIX
Threatray 191 similar samples on MalwareBazaar
TLSH T1DD941849FB7408B5D096C531CDBE8376E272BC831B25930B8641FF5E2FF362169A9681
TrID 31.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
24.5% (.SCR) Windows screen saver (13097/50/3)
19.7% (.EXE) Win64 Executable (generic) (10523/12/4)
9.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
3.8% (.ICL) Windows Icons Library (generic) (2059/9)
File icon (PE):PE icon
dhash icon 04dcd4c282e0f000 (37 x Fabookie)
Reporter andretavare5
Tags:exe Fabookie


Avatar
andretavare5
Sample downloaded from http://ji.jahhaega2qq.com/m/p0aw25.exe

Intelligence

File Origin
# of uploads :
10
# of downloads :
273
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
No threats detected
Analysis date:
2023-06-14 18:25:42 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/70f63e15-04a4-4db0-bbf6-de0120b5cc23

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/398936/
Detection(s):
SecuriteInfo.com.Win64.Trojan-gen.1909.2363.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Searching for the window
Query of malicious DNS domain
Launching a tool to kill processes
Sending an HTTP GET request to an infection source
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/90741/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
EvasionQueryPerformanceCounter
EvasionGetTickCount
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive greyware lolbin shell32.dll
Link:
https://www.filescan.io/uploads/648a058790acee489f788721/reports/5224836e-08e4-480f-a076-0b4b34c9edbf/overview
Verdict:
Malicious
Labled as:
HVM:TrojanDownloader/Jeoigaa.a
Link:
https://www.hybrid-analysis.com/sample/5b9c530caaf6fd3bfc8244985d1e88c03042a73c55dd97745ea749c32ca6b8e0
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/7f3e0937-ad65-4564-9007-02e2f309a8f9
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/1254770
Signature
Antivirus detection for URL or domain
Contains functionality to steal Chrome passwords or cookies
Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5b9c530caaf6fd3bfc8244985d1e88c03042a73c55dd97745ea749c32ca6b8e0/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-06-14 17:19:40 UTC
File Type:
PE+ (Exe)
Extracted files:
109
AV detection:
18 of 36 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=loofgdfk636tx7ecismf2huiyayefjz4kxozo5c6u5e4glfgxdqa._file
Verdict:
suspicious
Similar samples:
0875f2085b2f40b96db96d317cfdd1d870541182d4200de33fae9cbefaf07797
Fabookie
0a0c50dbc5d0c9811bfd0552ddd075e0e1df2cf07049cc546e41f9bf08cb8290
Fabookie
0fe82d10bd3a8156f1953f239d6afb87ede65c2f9b83bc76aed9a7f09ef55f26
Fabookie
1adda3b870c28e6ae33226565b2f31ebfed65adf7a530a883404021104714746
Fabookie
33f93086c8ad0c614e01c503d5c299b5fc86c480007597756de02884bccc5e67
Fabookie
56a337b72603f3c64d01687525a5159b7e6ca99e1218fceee30e4add7062995b
Fabookie
5f2e2a92401ea7488c47caffc88acce66e4e66c6c631ff44a35859ff8a4b66ac
Fabookie
64d45bc38d4a4e60a23bb5fa06a2b99ec40bd86c8f0cdd7c68736ab192569e49
Fabookie
c5ed5ae369da1d7784e5750e5da0ff898b438b79a7875590cad8bdd6af3e99f4
Fabookie
e3d9fe1d6d23c0641c40e3b3eeda4b08f47f6b93e4afad127436fbaf61a7df4a
Fabookie
+ 181 additional samples on MalwareBazaar
Result
Malware family:
fabookie
Create hunting rule
Score:
  10/10
Tags:
family:fabookie spyware stealer
Link:
https://tria.ge/reports/230614-w1fqmscd32/
Behaviour
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Reads user/profile data of web browsers
Detect Fabookie payload
Fabookie
Unpacked files
SH256 hash:
5b9c530caaf6fd3bfc8244985d1e88c03042a73c55dd97745ea749c32ca6b8e0
MD5 hash:
dca90df826b6480abf70e86501026fef
SHA1 hash:
590804a9ff46cd741d744c08b1b3206d6a1d174f
Link:
https://www.unpac.me/results/1f41635f-89fb-429a-b347-776e29b0833f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5b9c530caaf6fd3bfc8244985d1e88c03042a73c55dd97745ea749c32ca6b8e0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
  
URLhaus
https://urlhaus.abuse.ch/url/2644855/
Cape
Cape
https://www.capesandbox.com/analysis/398936/

Comments