MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ec0525cc78813343d141e78ddd54e506e34df03399c95aff9fc308531c74dc6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	5ec0525cc78813343d141e78ddd54e506e34df03399c95aff9fc308531c74dc6
SHA3-384 hash:	550f59fd0acea3c04c8c074febc5ca28b255f1e1f485e82355b967383bdf51a53238c2cebd9e8909e95d68b031af0005
SHA1 hash:	d39853196dd7f2c06c52718b417178b75a6767f0
MD5 hash:	fe2bdf1fc5bef5478a85d3905cb9842d
humanhash:	wisconsin-happy-bluebird-sodium
File name:	file
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	322'048 bytes
First seen:	2023-03-27 14:43:29 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	a7a19cad0c2c193feb43fc00c1b6b502 (17 x Fabookie)
ssdeep	3072:P8k/TMYQ0qIN6NtVcOXEK5ULtGyUPj09vJqxEm4x1ESuQG+3SeyRS6CSfKVu1xgP:5Mnt3EPRAPj2voxEvTEPp/F
Threatray	72 similar samples on MalwareBazaar
TLSH	T1D7643B156FB91DB6C016B43F0C6E84524B337827162783F7E496DEAC0EF76E8D466822
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10523/12/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	e3b1adeddd75ad92 (15 x Fabookie)
Reporter	jstrosch
Tags:	exe Fabookie X64

Intelligence

File Origin

# of uploads :

1

# of downloads :

258

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

file

Verdict:

Malicious activity

Analysis date:

2023-03-27 14:46:28 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/9d280540-7963-4647-9456-a57f707d052b

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/377932/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Sending a custom TCP request

Query of malicious DNS domain

Sending an HTTP GET request to an infection source

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/75236/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

EvasionGetTickCount

EvasionQueryPerformanceCounter

Verdict:

No Threat

Threat level:

2/10

Confidence:

83%

Tags:

setupapi.dll

Link:

https://www.filescan.io/uploads/6421abb723f92296f1f0cd58/reports/8a33abc7-70c8-4659-8e6e-3c1f8cac39a0/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/5ec0525cc78813343d141e78ddd54e506e34df03399c95aff9fc308531c74dc6

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/5fca2fe2-5a33-4438-9e19-851c7d0d5c58

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

spyw.troj.evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/1202781

Signature

Antivirus detection for URL or domain

Detected unpacking (creates a PE file in dynamic memory)

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5ec0525cc78813343d141e78ddd54e506e34df03399c95aff9fc308531c74dc6/

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=l3afexghrajtipiudz4n3vkokbxdjxydhgojll7z7qyikmohjxda._file

Verdict:

suspicious

Similar samples:

04fd3794814871b31fef000b51e51b6c20ad7646b3c74a585a668f95cf14fa06

0c802565c73fd2fd624ecab818162f8873935308ebc95f3b17fa74a6c582db12

342046d08054fc467fc4b38ab64c4135ae712514b141e7cd87e84168eed8a74a

844b92d102379990f96dd712b1eb2ade90bee0412333a11a74f77723ff4f91f9

902387aa87934a342776e8e81b67323957cb9c1d10288567ca8058a4614a30b0

d3e1e0659ff9d7843f91e722d6e94cff0cbf891ab115b7dc23bde7c52a9ead09

dfafc19065140674c7b3e3ffe533f121fe6b2fe1ffb9c0a2dfc15a9d030a0630

ef75e4193acf86589cfcf6b49d61e88073fd65ca866ed4197da7c5e4b22bac6e

+ 62 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/230327-r3514adh69/

Unpacked files

SH256 hash:

5ec0525cc78813343d141e78ddd54e506e34df03399c95aff9fc308531c74dc6

MD5 hash:

fe2bdf1fc5bef5478a85d3905cb9842d

SHA1 hash:

d39853196dd7f2c06c52718b417178b75a6767f0

Link:

https://www.unpac.me/results/906dfbbd-08d9-4686-90e6-060882dbdb55/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5ec0525cc78813343d141e78ddd54e506e34df03399c95aff9fc308531c74dc6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 5ec0525cc78813343d141e78ddd54e506e34df03399c95aff9fc308531c74dc6

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2565106/

Cape

Cape

https://www.capesandbox.com/analysis/377932/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample