MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83bc67794739021b52605666b8c314917ebf38eb260b5d9e2ea44b6c250c851d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	83bc67794739021b52605666b8c314917ebf38eb260b5d9e2ea44b6c250c851d
SHA3-384 hash:	736ad846c031d1208b12a716d77e81817c5a9a6aed960ed9abb5eb72096b08f33ac0f77635f137b40db33cabf4871a9c
SHA1 hash:	c94c776de6e738bc6c31e238a1d3e1447579a260
MD5 hash:	9f5edeb9c5a4c7a714e567033f7b7029
humanhash:	fish-yankee-yankee-burger
File name:	file
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	216'064 bytes
First seen:	2023-05-19 10:02:33 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	4fd11f5c9a089e7b45c77cd8b5fde1cf (6 x Fabookie)
ssdeep	3072:XPK40EkykKqUa9antF5hvvJkuXpqQhJkKqUa9antF5hvvJkuXpv:/aVKq99UF5hvv/zh6Kq99UF5hvv/
TLSH	T13624AE80F391E195D15E8175C927CAB86262BC1C9A345BBBF294BB5F2E313C74036E27
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10523/12/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	403ef898cee83081 (7 x Fabookie)
Reporter	andretavare5
Tags:	exe Fabookie

andretavare5

Sample downloaded from http://kkfd.ase6gasdegoo.com/m/llaa25.exe

Intelligence

File Origin

# of uploads :

# of downloads :

255

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

No threats detected

Analysis date:

2023-05-19 10:03:18 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/656c9197-5513-4ef0-ba66-fc83986f0545

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

SecuriteInfo.com.Win64.Malware-gen.28593.6926.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

DNS request

Sending an HTTP GET request

Sending a custom TCP request

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/85669/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

CheckCmdLine

EvasionQueryPerformanceCounter

EvasionGetTickCount

Verdict:

Suspicious

Threat level:

5/10

Confidence:

89%

Tags:

lolbin shell32.dll

Link:

https://www.filescan.io/uploads/646749576afc92605683a8cf/reports/5fe0ffbc-d7d0-4d1f-8f43-720ba0358b7c/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/83bc67794739021b52605666b8c314917ebf38eb260b5d9e2ea44b6c250c851d

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/1949d783-ccf1-4680-a918-f00d8b37a605

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

troj.spyw.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/1237048

Signature

Antivirus detection for URL or domain

Found stalling execution ending in API Sleep call

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/83bc67794739021b52605666b8c314917ebf38eb260b5d9e2ea44b6c250c851d/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2023-05-18 15:53:05 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

12 of 24 (50.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qo6go6khhebbwutakztlrqyusf7l6ohleyfv3hrourfwyjimquoq._file

Verdict:

unknown

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer

Link:

https://tria.ge/reports/230519-l3b55adc25/

Behaviour

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

83bc67794739021b52605666b8c314917ebf38eb260b5d9e2ea44b6c250c851d

MD5 hash:

9f5edeb9c5a4c7a714e567033f7b7029

SHA1 hash:

c94c776de6e738bc6c31e238a1d3e1447579a260

Link:

https://www.unpac.me/results/becaf435-d44b-428d-bafb-6f0ec64a86fa/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/83bc67794739021b52605666b8c314917ebf38eb260b5d9e2ea44b6c250c851d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

URLhaus

https://urlhaus.abuse.ch/url/2636026/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample