MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6339b9fc46aa632f3054259b9a47127e433479f36fe52dff78a554505ca817ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 9


Intelligence 9 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6339b9fc46aa632f3054259b9a47127e433479f36fe52dff78a554505ca817ef
SHA3-384 hash: c61ec7db24d268a8e72e59e831d995712bc698dc824ce23af385ec1be0d4831169c83f77006d3890e07e0a64193b5997
SHA1 hash: 81e7c3c19a271fd06288c18919e18f6e92ac277e
MD5 hash: d188ead23acae9b6706447d51113cf73
humanhash: salami-johnny-orange-stream
File name:d188ead23acae9b6706447d51113cf73.exe
Download: download sample
Signature Fabookie
Create hunting rule
File size:731'136 bytes
First seen:2023-07-31 07:21:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 54a4a8876d1423c6fa95d6828708dd32 (5 x Fabookie)
ssdeep 12288:cwtKWXYdS6i1IqB+lcXEpcDbeejlzUo/iENOeQiV1m:dNCO+lnafeeyov4eXV
Threatray 388 similar samples on MalwareBazaar
TLSH T17BF49E01B6A498B5D079C235CD13CBB69A703C605F508ADB7364FB5E2E333E2953AB19
TrID 44.6% (.EXE) InstallShield setup (43053/19/16)
17.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
13.5% (.SCR) Windows screen saver (13097/50/3)
10.9% (.EXE) Win64 Executable (generic) (10523/12/4)
5.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):PE icon
dhash icon aab2e3e7a323aac0 (5 x Fabookie)
Reporter abuse_ch
Tags:exe Fabookie

Intelligence

File Origin
# of uploads :
1
# of downloads :
258
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
d188ead23acae9b6706447d51113cf73.exe
Verdict:
Malicious activity
Analysis date:
2023-07-31 07:24:45 UTC
Tags:
installer payload fabookie stealer
Link:
https://app.any.run/tasks/99d67725-6f11-492d-94b5-4e1b2b9e0add

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/439348/
Detection(s):
SecuriteInfo.com.Trojan.SuspectCRC.2577.10717.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Query of malicious DNS domain
Sending an HTTP GET request to an infection source
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
keylogger lolbin shell32
Link:
https://www.filescan.io/uploads/64c7611b6635e735db26a73b/reports/62be5084-589d-4a49-ba2a-96aca337dc76/overview
Verdict:
Malicious
Link:
https://www.hybrid-analysis.com/sample/6339b9fc46aa632f3054259b9a47127e433479f36fe52dff78a554505ca817ef
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/88a2a8e1-90f5-4941-ba92-2c6d61cf0ac9
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1283011
Signature
Antivirus detection for URL or domain
Contains functionality to steal Chrome passwords or cookies
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6339b9fc46aa632f3054259b9a47127e433479f36fe52dff78a554505ca817ef/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mm43t7cgvjrs6mcuewnzuryspzbti6ptn7ss373yuvkfaxfic7xq._file
Verdict:
suspicious
Similar samples:
0c94b6af18776b468cf320c4404e542cdbe1e8ef3e988b3cf2a6a8ea9c6804c7
Fabookie
23392bff27ee35d1741c5e8ebeeca33695510b025ef71e1eb0131cb82b6b26ed
Fabookie
385085d13fce8c2645337c072a9178fa3adc98b1382b9c7c9c29c3c3c1177dd2
Fabookie
5aad31095b0b9a429fed8773a233eb872868467d33f52b9d6f6e7fa078092011
Fabookie
808ff54f7fb199adb18413322e1e530742522cc083d5e1706c872b99a879439d
Fabookie
8d8ae453a5773f10fddff520a45326b3d665f79e707898fa0e09b28084bfb1f9
Fabookie
a07c7ceca330c2c46b54cf70b047503d02d76475d22c0b0bb6f6f2dfc5c05b5d
Fabookie
b3216b636dd338d24b69c9ad859f96a3f2692f1fe642292d45a433faf0613688
Fabookie
c6f1c4643dcc47ecfe495407c7ef7fcdae641f554ff005cac496695c9a3b6acf
Fabookie
cfb5c20ec8d95c35f7edb8743084d4491e43c62c575cf0102b4f6781c50689de
Fabookie
+ 378 additional samples on MalwareBazaar
Result
Malware family:
fabookie
Create hunting rule
Score:
  10/10
Tags:
family:fabookie spyware stealer
Link:
https://tria.ge/reports/230731-h69c9aec2s/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Uses Task Scheduler COM API
Drops file in System32 directory
Reads user/profile data of web browsers
Detect Fabookie payload
Fabookie
Unpacked files
SH256 hash:
6339b9fc46aa632f3054259b9a47127e433479f36fe52dff78a554505ca817ef
MD5 hash:
d188ead23acae9b6706447d51113cf73
SHA1 hash:
81e7c3c19a271fd06288c18919e18f6e92ac277e
Link:
https://www.unpac.me/results/f2f7b4ac-49f9-4a07-af5e-8b7b1bb7686e/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
Create hunting rule
Author:ditekSHen
Description:Detects executables containing SQL queries to confidential data stores. Observed in infostealers
Rule name:malware_shellcode_hash
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect shellcode api hash value

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

Executable exe 6339b9fc46aa632f3054259b9a47127e433479f36fe52dff78a554505ca817ef

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2675826/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/439348/

Comments