MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 64d45bc38d4a4e60a23bb5fa06a2b99ec40bd86c8f0cdd7c68736ab192569e49. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 14


Intelligence 14 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 64d45bc38d4a4e60a23bb5fa06a2b99ec40bd86c8f0cdd7c68736ab192569e49
SHA3-384 hash: 4ff3c79e339cf0ad42d30a7ade4dae95e280d2a5627739cd9754a4a0ebaaf125268537cce0a07f1b934f6394dda157c3
SHA1 hash: c85f8a7e617dee6dd76f6574ebc3652ecc6d956a
MD5 hash: f1e554860ce8e8085935cc9a01429cdb
humanhash: september-golf-happy-stairway
File name:file
Download: download sample
Signature Fabookie
Create hunting rule
File size:348'160 bytes
First seen:2023-06-03 13:49:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f3c11bfd4e970edf440aec1f2cc2b6fd (1 x Fabookie)
ssdeep 6144:P5Ky1YQ7eWdfRqBgsdV9/rpq+tgqa454ecqY/W5R02qO7V6CjhQ:Pcy1YQ7eWdfRJsdLFDtZa0cq33j
TLSH T1B674AE6236D550A5C2A98132C996C3A946F1BC002F255FCF6231F64E3E372F59E3936E
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 1cb6b66ccc8cac4c (1 x Fabookie, 1 x Arechclient2)
Reporter andretavare5
Tags:exe Fabookie


Avatar
andretavare5
Sample downloaded from http://ji.jahhaega2qq.com/m/p0aw25.exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
238
Origin country :
US US
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
https://usml.ca/download/File_pass1234.7z
Verdict:
Malicious activity
Analysis date:
2023-06-02 13:58:05 UTC
Tags:
evasion privateloader opendir rat redline gcleaner loader amadey trojan stealer lumma miner tofsee smoke ransomware stop
Link:
https://app.any.run/tasks/ef2adbda-cbaa-4c29-a57a-429d5eeeff76

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/395194/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.67357381.28963.26753.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
DNS request
Sending a custom TCP request
Query of malicious DNS domain
Sending an HTTP GET request to an infection source
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/89209/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
EvasionGetTickCount
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
lolbin shell32.dll
Link:
https://www.filescan.io/uploads/647b450b79c7ef5a086c151b/reports/773d2d3f-9ee4-4c07-9055-2df72c49538c/overview
Verdict:
Malicious
Labled as:
Win64/TrojanDownloader.Agent
Link:
https://www.hybrid-analysis.com/sample/64d45bc38d4a4e60a23bb5fa06a2b99ec40bd86c8f0cdd7c68736ab192569e49
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/64b61b77-2a4b-4c27-a588-cb79fe025b87
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1248137
Signature
Detected unpacking (creates a PE file in dynamic memory)
Found stalling execution ending in API Sleep call
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/64d45bc38d4a4e60a23bb5fa06a2b99ec40bd86c8f0cdd7c68736ab192569e49/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-06-02 16:01:06 UTC
File Type:
PE+ (Exe)
Extracted files:
80
AV detection:
12 of 36 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mtkfxq4njjhgbir3wx5anivzt3caxwdmr4gn27dionvldeswtzeq._file
Verdict:
malicious
Result
Malware family:
fabookie
Create hunting rule
Score:
  10/10
Tags:
family:fabookie spyware stealer
Link:
https://tria.ge/reports/230603-q48ypshc7w/
Behaviour
Reads user/profile data of web browsers
Detect Fabookie payload
Fabookie
Unpacked files
SH256 hash:
64d45bc38d4a4e60a23bb5fa06a2b99ec40bd86c8f0cdd7c68736ab192569e49
MD5 hash:
f1e554860ce8e8085935cc9a01429cdb
SHA1 hash:
c85f8a7e617dee6dd76f6574ebc3652ecc6d956a
Link:
https://www.unpac.me/results/2c15e275-97cd-4c18-ab8b-a555d99be4ca/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/64d45bc38d4a4e60a23bb5fa06a2b99ec40bd86c8f0cdd7c68736ab192569e49

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/395194/
  
URLhaus
https://urlhaus.abuse.ch/url/2644855/

Comments