MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 718fb159a0802f563779496344b77e50ce75f3e1010c8129587603212cf8ce40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 12

Intelligence 12 IOCs YARA 1 File information Comments

SHA256 hash:	718fb159a0802f563779496344b77e50ce75f3e1010c8129587603212cf8ce40
SHA3-384 hash:	3097731bc74225579a6a54ffd6722a52cdd84be24e397f611ddb607a255268e93f9fd63b0932c1e0b21b17c42116ad5a
SHA1 hash:	84aa24bcaadf0d8d818abcdef50563fac724c0cc
MD5 hash:	f2ae3234c028d00361a654f755639af8
humanhash:	freddie-river-aspen-green
File name:	f2ae3234c028d00361a654f755639af8.exe
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	649'728 bytes
First seen:	2023-08-28 09:14:36 UTC
Last seen:	2023-08-28 09:39:19 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	20a03a21823d3b586003fbd55dedc73d (11 x Fabookie)
ssdeep	12288:TeE9CMmn1yBvivHTPjPTXzGRDJcqMuGEPnW:qE9jmn1AuPjPTjGRSqMupnW
Threatray	465 similar samples on MalwareBazaar
TLSH	T170D47D51E2E44096D066C13ECA63D766E6707C585B209FCB0250EA6E3F33BE1F936726
TrID	31.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 24.5% (.SCR) Windows screen saver (13097/50/3) 19.7% (.EXE) Win64 Executable (generic) (10523/12/4) 9.4% (.EXE) Win16 NE executable (generic) (5038/12/1) 3.8% (.ICL) Windows Icons Library (generic) (2059/9)
File icon (PE):
dhash icon	900ae0f2b3f200c0 (11 x Fabookie)
Reporter	abuse_ch
Tags:	exe Fabookie

Intelligence

File Origin

# of uploads :

# of downloads :

252

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

f2ae3234c028d00361a654f755639af8.exe

Verdict:

Malicious activity

Analysis date:

2023-08-28 09:22:48 UTC

Tags:

fabookie stealer

Link:

https://app.any.run/tasks/eaea5b08-66e0-426c-a635-ab6a31ee9a51

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/444865/

Detection(s):

SecuriteInfo.com.Trojan.DownLoader45.61774.28721.1759.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending an HTTP GET request

DNS request

Sending a custom TCP request

Query of malicious DNS domain

Sending a TCP request to an infection source

Sending an HTTP GET request to an infection source

Gathering data

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

crypto evasive fabookie greyware lolbin shell32

Link:

https://www.filescan.io/uploads/64ec659a7444d2eb09f27ead/reports/2d36036b-9bf9-4b69-8451-adc14f766cac/overview

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/718fb159a0802f563779496344b77e50ce75f3e1010c8129587603212cf8ce40

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/63d11983-7bae-432b-af26-f77103411ad8

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

troj.spyw

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1298571

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Contains functionality to steal Chrome passwords or cookies

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/718fb159a0802f563779496344b77e50ce75f3e1010c8129587603212cf8ce40/

Threat name:

Win64.Trojan.PrivateLoader

Status:

Malicious

First seen:

2023-08-27 06:49:05 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

18 of 24 (75.00%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ogh3cwnaqaxvmn3zjfrujn36kdhhl47baegickkyoybsclhyzzaa._file

Verdict:

malicious

Fabookie

645168fedeed9948b5103f10d52c9adf1133358e1b1ab4ac0893dd3bb73b2df5

Fabookie

6d382caf21dcbe7dbae511e238852798c9b11b69cbc02ff46916e7c47f24c8e2

Fabookie

ac4620769b15f5a7ccbeda9891ab788e46fe418e8129b2d54a64452467ac9eb0

Fabookie

adeeb5ab4974433126bf0c2d15234dc13fcd577217babbf0d352517ec588b7af

Fabookie

ccb26ef88dfff6653b7b2fc0bbd36ef58a4c8db24c9011f8c7d577dbe544cc3b

Fabookie

d440158b91d965693007b539131704b3bdd72e864b5adc1c0e230213acd3d97b

Fabookie

ee1e789a40e3cc8ff607726cbe0a8b72b86a51e933787a7074ac6c0b58bc59c7

Fabookie

fec5e8cb13f8418df2d3c2188c40eb2844084b02bdd9f2a899690b3a7b25986c

Fabookie

+ 455 additional samples on MalwareBazaar

Result

Malware family:

fabookie

Score:

10/10

Tags:

family:fabookie spyware stealer

Link:

https://tria.ge/reports/230828-k7wvnabb34/

Behaviour

Modifies system certificate store

Reads user/profile data of web browsers

Detect Fabookie payload

Fabookie

Unpacked files

SH256 hash:

718fb159a0802f563779496344b77e50ce75f3e1010c8129587603212cf8ce40

MD5 hash:

f2ae3234c028d00361a654f755639af8

SHA1 hash:

84aa24bcaadf0d8d818abcdef50563fac724c0cc

Link:

https://www.unpac.me/results/cded5204-27e6-4877-9dbc-f70358c22ee9/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/718fb159a0802f563779496344b77e50ce75f3e1010c8129587603212cf8ce40

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.