MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 72a38b7b1c14bb89928a4fcac764d081d0b9df697d101045140aa81be828a385. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	72a38b7b1c14bb89928a4fcac764d081d0b9df697d101045140aa81be828a385
SHA3-384 hash:	688d3d115f06bde4469a5bd4041769f27cc4a1455cd2e0ef0dcca49bd53a634a78bda160718e19ac8c9c740ae214b9e1
SHA1 hash:	6808b8cae07c31bbc886b92e81b7f93fd24e7fb7
MD5 hash:	8b88b2436809e4e15539e77c90a49762
humanhash:	bulldog-kansas-uniform-football
File name:	file
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	457'728 bytes
First seen:	2022-11-05 14:37:57 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ab827f268ee2227dcb71e61782e5d3a9 (2 x Fabookie)
ssdeep	6144:C8aMyDtA0r3XIMxEZ/mRfhTOWm5t5kktgRGerEhgVIXFML:C5lIuEZ/miN5Z5erLIX
Threatray	208 similar samples on MalwareBazaar
TLSH	T1E1A41819FBB448E0C196C635CDBE827BE272BD830A15930B4255FF9E3FF351069A9681
TrID	43.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 27.6% (.EXE) Win64 Executable (generic) (10523/12/4) 13.2% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.3% (.EXE) OS/2 Executable (generic) (2029/13) 5.2% (.EXE) Generic Win/DOS Executable (2002/3)
dhash icon	04dcd4c282e0f000 (37 x Fabookie)
Reporter	jstrosch
Tags:	exe Fabookie

Intelligence

File Origin

# of uploads :

# of downloads :

138

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

redline

ID:

File name:

https://urloso.com/2hp0pb

Verdict:

Malicious activity

Analysis date:

2022-11-05 14:04:17 UTC

Tags:

loader redline stealer opendir evasion

Link:

https://app.any.run/tasks/a775b99d-7749-44a7-a296-ae1e7354271b

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/329109/

Detection(s):

Win.Downloader.Upatre-9880459-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

DNS request

Sending a custom TCP request

Sending an HTTP GET request

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/48949/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

EvasionQueryPerformanceCounter

EvasionGetTickCount

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

evasive greyware obfuscated shell32.dll

Link:

https://www.filescan.io/uploads/6366754b15611f8d8bf905c7/reports/ed33c100-eb67-46bc-87df-0fac5cf6f534/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/ca0ca1bc-7e89-46cb-9e78-a9779a3b30fb

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

troj.spyw

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/1106168

Signature

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/72a38b7b1c14bb89928a4fcac764d081d0b9df697d101045140aa81be828a385/

Threat name:

Win64.Trojan.Privateloader

Status:

Malicious

First seen:

2022-11-04 11:26:09 UTC

File Type:

PE+ (Exe)

Extracted files:

110

AV detection:

14 of 41 (34.15%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=okryw6y4cs5yteukj7fmozgqqhiltx3jpuibariubkubx2biuocq._file

Verdict:

malicious

Fabookie

0b02ee845979ac47a24ca742ca8ff6c6cea8cc6f55d89f84029050cc52ce6df8

Fabookie

3b4c1d0a112668872c1d4f9c9d76087a2afe7a8281a6cb6b972c95fb2f4eb28e

Fabookie

53379b36716f384e530dae9ec883c459d0c12f0260116614a0482ded7d9b5ba9

Fabookie

5e69583874b33475ff03d5e86c6805bd7d60daeac0071138ac62ca0d60131899

Fabookie

86890f5d0dc15d61b23cef3a33334a22fd11a729d8831f3eb9d8b54ffb48fa98

Fabookie

8ed9f410b41e51f09304e5cdadc4d61f82562c9ee15be810e063f2f568812dd0

Fabookie

9df3408b1000950b400430c06b7b7bb0b2f54dc7371e877fdf5f8453797a7692

Fabookie

ed00cd1148a9f1c60d5f622a1e255d63cf63bf119abb7125a8ac1bab2c7da416

Fabookie

+ 198 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/221105-rzq3rsaeap/

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/a6c7c852-8ce3-4a20-801d-b75ef048ebe1

Unpacked files

SH256 hash:

72a38b7b1c14bb89928a4fcac764d081d0b9df697d101045140aa81be828a385

MD5 hash:

8b88b2436809e4e15539e77c90a49762

SHA1 hash:

6808b8cae07c31bbc886b92e81b7f93fd24e7fb7

Link:

https://www.unpac.me/results/66c692c1-841d-40f1-8548-db6f0669328b/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/72a38b7b1c14bb89928a4fcac764d081d0b9df697d101045140aa81be828a385

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

exe 72a38b7b1c14bb89928a4fcac764d081d0b9df697d101045140aa81be828a385

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2400274/

Cape

https://www.capesandbox.com/analysis/329109/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample