MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b2a6d8de02eace85a4dd0cc4ad92afef9c963d317b3e6d744ef889fdc3f0176. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	6b2a6d8de02eace85a4dd0cc4ad92afef9c963d317b3e6d744ef889fdc3f0176
SHA3-384 hash:	be971ef88e0109a09ebfa568cc114633c788ada3852ba075853835f9fe2d343c19426d1f0b3115b0b96aea49eda477c8
SHA1 hash:	b8ce0b4e7e200074893195f1f93240ab0116a78f
MD5 hash:	2337a2e33007fc4f675ef77ba4ed03ba
humanhash:	comet-four-beryllium-cola
File name:	file
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	406'528 bytes
First seen:	2023-09-12 19:22:09 UTC
Last seen:	2023-09-18 07:09:16 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	96cc98468ed325b3857363887597bc67 (20 x Fabookie)
ssdeep	1536:qyK9MV0CXyPuOCWqeyGaOi2K+Sm6uCWqe+aOi2K+Sm6uuCuCWqeyGaOi2K+Sm6u7:qX9M1CPu2XnAYy4AZ6DvcgJFW
Threatray	520 similar samples on MalwareBazaar
TLSH	T14684DD64F0B2ECB3DA126B7039FCF91C91AD71551386869E365AF0B692D330031DDBA9
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10523/12/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	e0c6dfa5aeebcbdc (20 x Fabookie, 2 x AsyncRAT)
Reporter	andretavare5
Tags:	171-22-28-208 exe Fabookie

andretavare5

Sample downloaded from http://ji.alie3ksgbb.com/m/ela205.exe

Intelligence

File Origin

# of uploads :

# of downloads :

310

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

Malicious activity

Analysis date:

2023-09-12 19:23:51 UTC

Tags:

fabookie stealer

Link:

https://app.any.run/tasks/b933d3c6-0934-4111-ac9c-77771be10d1f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/448252/

Detection(s):

SecuriteInfo.com.Trojan.DownLoader45.60932.10619.22068.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Sending an HTTP GET request

DNS request

Query of malicious DNS domain

Sending a TCP request to an infection source

Sending an HTTP GET request to an infection source

Gathering data

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

lolbin shell32 swrort

Link:

https://www.filescan.io/uploads/6500ba96bde819a1d928cad2/reports/05092497-ae0d-4aa1-af78-b71460fc3be5/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/6b2a6d8de02eace85a4dd0cc4ad92afef9c963d317b3e6d744ef889fdc3f0176

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/3e2f12e7-164d-4d03-852e-13c7f3ce0ef5

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

troj.spyw

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1308498

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Contains functionality to steal Chrome passwords or cookies

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6b2a6d8de02eace85a4dd0cc4ad92afef9c963d317b3e6d744ef889fdc3f0176/

Threat name:

Win64.Trojan.Privateloader

Status:

Malicious

First seen:

2023-09-12 17:18:41 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

21 of 36 (58.33%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=nmvg3dpaf2woqwsn2dgevwjk7344sy6tc6z6nv2e56ej7xb7af3a._file

Verdict:

malicious

Fabookie

55b9813d1377b90813fee3e75da65c9e66666b48aa0b73676ff9af7b0b87474a

Fabookie

7b0efba8c51a5f83078f28a6db7129d43db9d4ae71818e2f5fb755dc721880dc

Fabookie

a47a44fa64fb011abca6e81d17646153861e56c5f4d5c3f798e5d5399b569b97

Fabookie

ba6576e842991fd627ffb782ae60a4c694c77b963c5afc73bc358c2cb27c3b57

Fabookie

e10be62dd99f927dc48568c4ec02966c35577ae42a9184b44f5f72b502b7c07b

Fabookie

fbd0a287a85f2099df62a8d02e4a0e46e0ded0fa250fb851c378471dc90c4921

Fabookie

+ 510 additional samples on MalwareBazaar

Result

Malware family:

fabookie

Score:

10/10

Tags:

family:fabookie spyware stealer

Link:

https://tria.ge/reports/230912-x3scwshg49/

Behaviour

Modifies system certificate store

Reads user/profile data of web browsers

Detect Fabookie payload

Fabookie

Unpacked files

SH256 hash:

6b2a6d8de02eace85a4dd0cc4ad92afef9c963d317b3e6d744ef889fdc3f0176

MD5 hash:

2337a2e33007fc4f675ef77ba4ed03ba

SHA1 hash:

b8ce0b4e7e200074893195f1f93240ab0116a78f

Link:

https://www.unpac.me/results/a1009341-b4c5-4887-9d45-8b1fc526652a/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/6b2a6d8de02eace85a4dd0cc4ad92afef9c963d317b3e6d744ef889fdc3f0176

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

URLhaus

https://urlhaus.abuse.ch/url/2708738/

Cape

https://www.capesandbox.com/analysis/448252/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample