MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 65ddb11683d2b3fd50168165aa0b50cd2cc7b7a3a64f8feb06ed50788bde5421. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 65ddb11683d2b3fd50168165aa0b50cd2cc7b7a3a64f8feb06ed50788bde5421
SHA3-384 hash: 1b2a81342b78bf9ee812099c9cc75f637d5f22708ff92299eef2b40ddb9344c609e079dc7834d94278a1ee16c53c290b
SHA1 hash: d636fac2bfadd0793635d2478d1b490108d9d0ea
MD5 hash: 2f6672ffbb5a72495f99180f3c2206ef
humanhash: ack-north-king-twenty
File name:2f6672ffbb5a72495f99180f3c2206ef.exe
Download: download sample
Signature Fabookie
Create hunting rule
File size:405'504 bytes
First seen:2024-01-15 16:11:03 UTC
Last seen:2024-01-15 17:25:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 96cc98468ed325b3857363887597bc67 (20 x Fabookie)
ssdeep 1536:XyK9MKyCC4UuOCWqeyGaOi2K+Sm6uCWqe+aOi2K+Sm6uuCuCWqeyGaOi2K+Sm6uR:XX9MLxuBXnAYy4AZ6qqvcgJFW
Threatray 618 similar samples on MalwareBazaar
TLSH T10C84DD64F0B6ECB3DA126B7039FCF91C91AD71551386868E365AF0B692D330031DDBA9
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon e0c6dfa5aeebcbdc (20 x Fabookie, 2 x AsyncRAT)
Reporter abuse_ch
Tags:exe Fabookie

Intelligence

File Origin
# of uploads :
2
# of downloads :
322
Origin country :
NL NL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/470958/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader46.47727.15787.20823.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
lolbin shell32 swrort
Link:
https://www.filescan.io/uploads/65a5591d3c61cd5b4250e9ef/reports/8da1a3a6-aef1-4c50-b77b-a705016b533a/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/65ddb11683d2b3fd50168165aa0b50cd2cc7b7a3a64f8feb06ed50788bde5421
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/48656570-40a5-4196-bd09-eaaefde29096
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1374875
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Contains functionality to steal Chrome passwords or cookies
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Score:
94%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/65ddb11683d2b3fd50168165aa0b50cd2cc7b7a3a64f8feb06ed50788bde5421
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/65ddb11683d2b3fd50168165aa0b50cd2cc7b7a3a64f8feb06ed50788bde5421/
Threat name:
Win64.Trojan.PrivateLoader
Create hunting rule
Status:
Malicious
First seen:
2024-01-15 12:58:43 UTC
File Type:
PE+ (Exe)
Extracted files:
28
AV detection:
15 of 24 (62.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mxo3cfud2kz72uawqfs2uc2qzuwmpn5duzhy72yg5vihrc66kqqq._file
Verdict:
suspicious
Similar samples:
7da786b32ec861208fc6a01b94d4eee4867b26dabfe214b66c9009b2f0222050
Fabookie
8302d62f0ccd3c416440e413b641e698172e5258c81f1271da5fa782c034cc15
Fabookie
86fa75701ac3d3e5d92623dcad4f2a190105e0613bcfef6b7df6b51db84a51a4
Fabookie
8f0f0b3f99aa73ac9ec10753ebdd4043805e470768b8697659801b5c4d516685
Fabookie
fb3826c5caf9c4ae35f4819410905fa6a19617272edee37d9341a69e64b8a73c
Fabookie
+ 608 additional samples on MalwareBazaar
Result
Malware family:
fabookie
Create hunting rule
Score:
  10/10
Tags:
family:fabookie spyware stealer
Link:
https://tria.ge/reports/240115-tmycesbhe9/
Behaviour
Modifies system certificate store
Reads user/profile data of web browsers
Detect Fabookie payload
Fabookie
Unpacked files
SH256 hash:
65ddb11683d2b3fd50168165aa0b50cd2cc7b7a3a64f8feb06ed50788bde5421
MD5 hash:
2f6672ffbb5a72495f99180f3c2206ef
SHA1 hash:
d636fac2bfadd0793635d2478d1b490108d9d0ea
Link:
https://www.unpac.me/results/8ba25a1f-2fa7-4897-80c3-48bbb7bc1319/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/65ddb11683d2b3fd50168165aa0b50cd2cc7b7a3a64f8feb06ed50788bde5421

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

Executable exe 65ddb11683d2b3fd50168165aa0b50cd2cc7b7a3a64f8feb06ed50788bde5421

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2748308/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/470958/

Comments