MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 86fa75701ac3d3e5d92623dcad4f2a190105e0613bcfef6b7df6b51db84a51a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 86fa75701ac3d3e5d92623dcad4f2a190105e0613bcfef6b7df6b51db84a51a4
SHA3-384 hash: ba3f424d3ca262b65f72e7dd3d209d6bff0f4ca533275190d28fab86a1dcfd287a4959d93fac9ba8a73feeefd68e4575
SHA1 hash: f3d05b3acf256be3904239bdec3630c396286d87
MD5 hash: d6d117a179cbf6787eb56aa2156b563d
humanhash: music-speaker-william-ceiling
File name:SecuriteInfo.com.Heuristic.HEUR.AGEN.1316039.15467.7702
Download: download sample
Signature Fabookie
Create hunting rule
File size:405'504 bytes
First seen:2024-01-15 12:50:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 96cc98468ed325b3857363887597bc67 (20 x Fabookie)
ssdeep 1536:XyK9MKyCC4UuOCWqeyGaOi2K+Sm6uCWqe+aOi2K+Sm6uuCuCWqeyGaOi2K+Sm6uB:XX9MLxuBXnAYy4AZ6qavcgJFW
Threatray 616 similar samples on MalwareBazaar
TLSH T1BE84DD64F0B6ECB3DA126B7039FCF91C91AD71551386868E365AF0B692D330031DDBA9
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon e0c6dfa5aeebcbdc (20 x Fabookie, 2 x AsyncRAT)
Reporter SecuriteInfoCom
Tags:exe Fabookie

Intelligence

File Origin
# of uploads :
1
# of downloads :
299
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/470915/
Detection(s):
SecuriteInfo.com.Heuristic.HEUR.AGEN.1316039.15467.7702.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
fabookie lolbin masquerade shell32 swrort
Link:
https://www.filescan.io/uploads/65a52a383c61cd5b4250e08e/reports/8f62b6c8-68d4-4784-ab65-ea58a49fc9bd/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/86fa75701ac3d3e5d92623dcad4f2a190105e0613bcfef6b7df6b51db84a51a4
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/f6abe361-4b5e-4de1-a7f8-0fff8838444a
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/1374736
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Contains functionality to steal Chrome passwords or cookies
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Score:
94%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/86fa75701ac3d3e5d92623dcad4f2a190105e0613bcfef6b7df6b51db84a51a4
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/86fa75701ac3d3e5d92623dcad4f2a190105e0613bcfef6b7df6b51db84a51a4/
Threat name:
Win64.Trojan.Swrort
Create hunting rule
Status:
Malicious
First seen:
2024-01-15 12:51:07 UTC
File Type:
PE+ (Exe)
Extracted files:
28
AV detection:
13 of 23 (56.52%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=q35hk4a2ypj6lwjgepok2tzkdeaqlydbhph66235622r3ockkgsa._file
Verdict:
suspicious
Similar samples:
7da786b32ec861208fc6a01b94d4eee4867b26dabfe214b66c9009b2f0222050
Fabookie
8302d62f0ccd3c416440e413b641e698172e5258c81f1271da5fa782c034cc15
Fabookie
8f0f0b3f99aa73ac9ec10753ebdd4043805e470768b8697659801b5c4d516685
Fabookie
aafa82fb621b4843c3ae89bb8beddfe66244e203149880b79a4e8f42f5a7c4b9
Fabookie
fb3826c5caf9c4ae35f4819410905fa6a19617272edee37d9341a69e64b8a73c
Fabookie
+ 606 additional samples on MalwareBazaar
Result
Malware family:
fabookie
Create hunting rule
Score:
  10/10
Tags:
family:fabookie spyware stealer
Link:
https://tria.ge/reports/240115-p3gmdshah2/
Behaviour
Modifies system certificate store
Reads user/profile data of web browsers
Detect Fabookie payload
Fabookie
Unpacked files
SH256 hash:
86fa75701ac3d3e5d92623dcad4f2a190105e0613bcfef6b7df6b51db84a51a4
MD5 hash:
d6d117a179cbf6787eb56aa2156b563d
SHA1 hash:
f3d05b3acf256be3904239bdec3630c396286d87
Link:
https://www.unpac.me/results/6a29d602-408d-4263-be19-567262320e02/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/86fa75701ac3d3e5d92623dcad4f2a190105e0613bcfef6b7df6b51db84a51a4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

Executable exe 86fa75701ac3d3e5d92623dcad4f2a190105e0613bcfef6b7df6b51db84a51a4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2748659/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/470915/

Comments