MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79579197324316922818b2b47d2104332f026970ea4bb6a3259078a96805d67d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	79579197324316922818b2b47d2104332f026970ea4bb6a3259078a96805d67d
SHA3-384 hash:	628e635cf8b0ac0c382198365b676f5b0362b8cd6c7269beb6ccb416f4b53ca807337a3eeb4f0a61a23f6db47c4d2a47
SHA1 hash:	6c42dcf4e9479d3684773343502ec340dadf7cc7
MD5 hash:	eafb7a0308b02a2a5a4aa507da675ae4
humanhash:	texas-high-magnesium-ohio
File name:	file
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	322'048 bytes
First seen:	2023-03-27 14:43:12 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	a7a19cad0c2c193feb43fc00c1b6b502 (17 x Fabookie)
ssdeep	3072:P8k/TMYQ0qIN6NtVcOXEK5ULtGyUPj09vJqxEm4x1ESuQG+3SeyRS6CSfKVu1xgP:5Mnt3EPRAPj2voxEvTEPp/F
Threatray	72 similar samples on MalwareBazaar
TLSH	T15E643B156FB91DB6C016B43F0C6E84524B337827162783F7E496DEAC0EF76E8D466822
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10523/12/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	e3b1adeddd75ad92 (15 x Fabookie)
Reporter	jstrosch
Tags:	exe Fabookie X64

Intelligence

File Origin

# of uploads :

# of downloads :

251

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

Malicious activity

Analysis date:

2023-03-27 14:46:28 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/0cefe9e4-1948-4870-a151-40033a02c0cd

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/377929/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Query of malicious DNS domain

Sending an HTTP GET request to an infection source

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/75233/overview

Behaviour

MalwareBazaar

SystemUptime

MeasuringTime

EvasionGetTickCount

EvasionQueryPerformanceCounter

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

setupapi.dll

Link:

https://www.filescan.io/uploads/6421abb480ca4ca1ff59a36c/reports/87e4f166-e9a2-4823-a3f5-3bab27e92338/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/79579197324316922818b2b47d2104332f026970ea4bb6a3259078a96805d67d

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/3fbade90-8100-47ff-b5d5-1c4747782d0e

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

troj.spyw

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1202784

Signature

Antivirus detection for URL or domain

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/79579197324316922818b2b47d2104332f026970ea4bb6a3259078a96805d67d/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2023-03-27 13:12:19 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

7 of 24 (29.17%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=pflzdfzsimljekaywk2h2iiegmxqe2lq5jf3nizfsb4ks2af2z6q._file

Verdict:

suspicious

Fabookie

0c802565c73fd2fd624ecab818162f8873935308ebc95f3b17fa74a6c582db12

Fabookie

342046d08054fc467fc4b38ab64c4135ae712514b141e7cd87e84168eed8a74a

Fabookie

844b92d102379990f96dd712b1eb2ade90bee0412333a11a74f77723ff4f91f9

Fabookie

902387aa87934a342776e8e81b67323957cb9c1d10288567ca8058a4614a30b0

Fabookie

d3e1e0659ff9d7843f91e722d6e94cff0cbf891ab115b7dc23bde7c52a9ead09

Fabookie

dfafc19065140674c7b3e3ffe533f121fe6b2fe1ffb9c0a2dfc15a9d030a0630

Fabookie

ef75e4193acf86589cfcf6b49d61e88073fd65ca866ed4197da7c5e4b22bac6e

Fabookie

+ 62 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/230327-r35qbsga3t/

Unpacked files

SH256 hash:

79579197324316922818b2b47d2104332f026970ea4bb6a3259078a96805d67d

MD5 hash:

eafb7a0308b02a2a5a4aa507da675ae4

SHA1 hash:

6c42dcf4e9479d3684773343502ec340dadf7cc7

Link:

https://www.unpac.me/results/b4133981-c543-4d41-9699-699811de5a29/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/79579197324316922818b2b47d2104332f026970ea4bb6a3259078a96805d67d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

exe 79579197324316922818b2b47d2104332f026970ea4bb6a3259078a96805d67d

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2563418/

Cape

https://www.capesandbox.com/analysis/377929/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample