MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c6345c6f0a5beadc4616170c87ec8a577de185d53345581e1b00e72af24c13e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	6c6345c6f0a5beadc4616170c87ec8a577de185d53345581e1b00e72af24c13e
SHA3-384 hash:	9d1e73743f4a86c0a12b4c9c697154b8ad4e21cab7668d1e4f269046ed6ba261b6a55692c9764d0180c5652737284ff6
SHA1 hash:	8cf40dc12117e56aea899ddf2c381443d6537d21
MD5 hash:	a14d01d96ea78f39f7e118582dad3cb9
humanhash:	skylark-kansas-hotel-happy
File name:	file
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	343'552 bytes
First seen:	2023-05-11 20:05:14 UTC
Last seen:	2023-05-17 10:43:18 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	77e359c59376704055cd15c273e85720 (2 x Fabookie)
ssdeep	6144:xFH8RIT6Fam4StJ3rXDW49wY7SkzU0iaODgKYleQ4HzP:xWdtXDzCwGMAP
Threatray	140 similar samples on MalwareBazaar
TLSH	T14C742981B3DA4028E072C679CEB18363EA767C155B3096DF07609E6A6F73BE0D531B25
TrID	44.4% (.EXE) Win64 Executable (generic) (10523/12/4) 21.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 8.7% (.ICL) Windows Icons Library (generic) (2059/9) 8.5% (.EXE) OS/2 Executable (generic) (2029/13) 8.4% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):
dhash icon	70ccc9b3a9cce070 (19 x Fabookie, 3 x XFilesStealer, 1 x Pony)
Reporter	andretavare5
Tags:	exe Fabookie

andretavare5

Sample downloaded from http://ji.uiasehgjj.com/m/ppls25.exe

Intelligence

File Origin

# of uploads :

# of downloads :

276

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

No threats detected

Analysis date:

2023-05-11 20:08:25 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/54f52fff-03d7-445e-8fc4-709f2e78c659

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/388543/

Detection(s):

SecuriteInfo.com.FileRepMalware.20296.30057.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

DNS request

Sending an HTTP GET request

Sending a custom TCP request

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/83580/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

EvasionGetTickCount

EvasionQueryPerformanceCounter

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

greyware keylogger shell32.dll

Link:

https://www.filescan.io/uploads/645d4aacc895be5a6e069dd5/reports/262e8224-4094-49e7-8d11-66c15045653b/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/6c6345c6f0a5beadc4616170c87ec8a577de185d53345581e1b00e72af24c13e

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/de977c7f-a89f-466a-8d13-a9f7a6972879

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

troj.spyw.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1231101

Signature

Antivirus detection for URL or domain

Detected unpacking (creates a PE file in dynamic memory)

Found stalling execution ending in API Sleep call

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6c6345c6f0a5beadc4616170c87ec8a577de185d53345581e1b00e72af24c13e/

Threat name:

Win64.Downloader.Generic

Status:

Suspicious

First seen:

2023-05-11 15:30:53 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

9 of 35 (25.71%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=nrrulrxquw7k3rdbmfymq7wiuv354gc5km2flapbwahhflzeye7a._file

Verdict:

malicious

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer

Link:

https://tria.ge/reports/230511-yvdp7scf8y/

Behaviour

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

6c6345c6f0a5beadc4616170c87ec8a577de185d53345581e1b00e72af24c13e

MD5 hash:

a14d01d96ea78f39f7e118582dad3cb9

SHA1 hash:

8cf40dc12117e56aea899ddf2c381443d6537d21

Link:

https://www.unpac.me/results/dedb7e25-dd2f-420f-87e8-4f4163b5d712/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/6c6345c6f0a5beadc4616170c87ec8a577de185d53345581e1b00e72af24c13e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

URLhaus

https://urlhaus.abuse.ch/url/2626383/

Cape

https://www.capesandbox.com/analysis/388543/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample