MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e38065e155cba0d0aa56b219159c33d0dc5a3beeef4b31628f0a6c3ced7b1d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	5e38065e155cba0d0aa56b219159c33d0dc5a3beeef4b31628f0a6c3ced7b1d6
SHA3-384 hash:	cb3f0a60227be9c9bf15c588b8b1ba0bdd07f8f8bb315a188544248837b9ad6c8b4c589358e5231a3e02cacc48e2205c
SHA1 hash:	4fc73ac5579d4599e20857b5ff50a723b2f914a6
MD5 hash:	252403625ebdffcfdbf2abdff6c5a5c4
humanhash:	saturn-stairway-jig-seventeen
File name:	file
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	406'528 bytes
First seen:	2023-08-31 14:07:35 UTC
Last seen:	2023-09-01 08:33:07 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	96cc98468ed325b3857363887597bc67 (20 x Fabookie)
ssdeep	1536:9yK9MVjVtuOCWqeyGaOi2K+Sm6uCWqe+aOi2K+Sm6uuCuCWqeyGaOi2K+Sm6uCWt:9X9MxugE+nAYy4AZ6DvcgJFW
TLSH	T14D84DD64F0B2ECB3DA126B7039FCF91C91AD71551386869E365AF0B692D330031DDBA9
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10523/12/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	e0c6dfa5aeebcbdc (20 x Fabookie, 2 x AsyncRAT)
Reporter	andretavare5
Tags:	exe Fabookie

andretavare5

Sample downloaded from http://jjz.alie3ksgbb.com/m/iela2f5.exe

Intelligence

File Origin

# of uploads :

# of downloads :

289

Origin country :

Vendor Threat Intelligence

Malware family:

redline

ID:

File name:

file

Verdict:

Malicious activity

Analysis date:

2023-08-31 12:44:25 UTC

Tags:

privateloader evasion opendir loader risepro stealer redline fabookie

Link:

https://app.any.run/tasks/38f0126a-721d-4215-8609-6d9c7edcec14

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/445485/

Detection(s):

SecuriteInfo.com.Win64.Evo-gen.17807.32060.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending an HTTP GET request

DNS request

Sending a custom TCP request

Query of malicious DNS domain

Sending a TCP request to an infection source

Sending an HTTP GET request to an infection source

Gathering data

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

lolbin shell32 swrort

Link:

https://www.filescan.io/uploads/64f09ec3611c4e16e112174b/reports/706eeb8f-3a9d-4d73-801a-6ff748187865/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/5e38065e155cba0d0aa56b219159c33d0dc5a3beeef4b31628f0a6c3ced7b1d6

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/03cf8c1d-c3c4-4b68-bf13-7e2d32191964

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

troj.spyw.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1301096

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Contains functionality to steal Chrome passwords or cookies

Detected unpacking (creates a PE file in dynamic memory)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5e38065e155cba0d0aa56b219159c33d0dc5a3beeef4b31628f0a6c3ced7b1d6/

Threat name:

Win64.Trojan.Privateloader

Status:

Malicious

First seen:

2023-08-31 11:15:04 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

17 of 38 (44.74%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ly4amxqvls5a2cvfnmqzcwodhug4li56532lgfri6ctmhtwxwhla._file

Result

Malware family:

fabookie

Score:

10/10

Tags:

family:fabookie spyware stealer

Link:

https://tria.ge/reports/230831-rfjjksfa61/

Behaviour

Modifies system certificate store

Reads user/profile data of web browsers

Detect Fabookie payload

Fabookie

Unpacked files

SH256 hash:

5e38065e155cba0d0aa56b219159c33d0dc5a3beeef4b31628f0a6c3ced7b1d6

MD5 hash:

252403625ebdffcfdbf2abdff6c5a5c4

SHA1 hash:

4fc73ac5579d4599e20857b5ff50a723b2f914a6

Link:

https://www.unpac.me/results/2fd088c0-3416-4db8-802f-d00c306342e3/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5e38065e155cba0d0aa56b219159c33d0dc5a3beeef4b31628f0a6c3ced7b1d6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

URLhaus

https://urlhaus.abuse.ch/url/2706324/

Cape

https://www.capesandbox.com/analysis/445485/

URLhaus

https://urlhaus.abuse.ch/url/2708738/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample