MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 922eaabfa10ed3e5b647a39480f654866f4d4daff57fbda4adc0b3a91a9b4df5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 922eaabfa10ed3e5b647a39480f654866f4d4daff57fbda4adc0b3a91a9b4df5
SHA3-384 hash: a534932af63100d2b763216cb9a6eb2a80537bffe946b03c5e3da1b011ba6100fc12c05d0f5e0689f34b9431c6aafed5
SHA1 hash: c06e3bfb65cdb8dfe1880534950ae9c443dad147
MD5 hash: 3cb4486372d26a40c580113343e41ba7
humanhash: december-illinois-georgia-foxtrot
File name:file
Download: download sample
Signature Fabookie
Create hunting rule
File size:250'880 bytes
First seen:2023-07-02 23:39:46 UTC
Last seen:2023-07-04 02:11:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9fc536475d83b8af187b6bb597df0e0c (3 x Fabookie)
ssdeep 6144:dTG3HW77/IpsZAoovGTeTiv5LeNDGOb+asE:dT7K4eTiv5Lyb
Threatray 290 similar samples on MalwareBazaar
TLSH T185349D46F75400B8C03BC57AC9928755DBB2F82567344BCB8374DBAA1F237E18A3EA15
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon d4f8f8f8f4f0ecd4 (3 x Fabookie, 2 x CoinMiner)
Reporter andretavare5
Tags:exe Fabookie


Avatar
andretavare5
Sample downloaded from http://ji.jaoaaoas11.com/m/ss33.exe

Intelligence

File Origin
# of uploads :
30
# of downloads :
270
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2023-07-03 04:31:00 UTC
Tags:
fabookie
Link:
https://app.any.run/tasks/81ca67c4-d0fb-4e78-ae94-094a50bca5b6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/405531/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.67941169.27131.32247.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
advpack control greyware lolbin makecab packed
Link:
https://www.filescan.io/uploads/64a20ad251710bcd8d43dd96/reports/d378dd94-29f8-4a87-8eb9-e44932313e46/overview
Verdict:
Malicious
Labled as:
Trojan.Win64.Agent
Link:
https://www.hybrid-analysis.com/sample/922eaabfa10ed3e5b647a39480f654866f4d4daff57fbda4adc0b3a91a9b4df5
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/61c7dc41-4f2a-45c9-9322-136ceae130d8
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1265312
Signature
Contains functionality to steal Chrome passwords or cookies
Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/922eaabfa10ed3e5b647a39480f654866f4d4daff57fbda4adc0b3a91a9b4df5/
Threat name:
Win64.Trojan.Privateloader
Create hunting rule
Status:
Suspicious
First seen:
2023-07-02 23:40:04 UTC
File Type:
PE+ (Exe)
Extracted files:
22
AV detection:
12 of 24 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=sixkvp5bb3j6lnshuokib5suqzxu2tnp6v733jfnycz2sgu3jx2q._file
Verdict:
suspicious
Similar samples:
0f01971fcbe3a469d0bc8b09743a765696ebe8a6a8fa0166c39cef761105be92
Fabookie
14085e7716a8c98724dce8e2d19c371867064764a8088373e0d0d3d7bb3982a3
Fabookie
155dd3b4d2665fc6486167b4f8ee758f5a848039216c76614ebf3167990e9ec6
Fabookie
274f5d3d6967d77475ceee848a0dff2cfc9993923861de020e3856bd54ba8fc7
Fabookie
4f2f8e8f530beb89c23e7a43a6a82498bd44739688e273f3ea4e4dde4aea38ed
Fabookie
562a4a69963a30bd48803e9746c8db6749f88397bb34f76c686643205f787138
Fabookie
ab6de16c8b725a28c0bb84d4d88daa9a287715c6f42fb1f9949eff2d12f7ddb9
Fabookie
ba85ef6668b8a930e39c0f5988187d1931209706999c70aba86a635ac8c5086f
Fabookie
c15796facdf9378bda2c0a972f8650e58cd3e35e582548c18bc70d046a55d520
Fabookie
c24dc008827ad34ac3465f1af91e84fecee078966d5035dc0d4e43e58204eea3
Fabookie
+ 280 additional samples on MalwareBazaar
Result
Malware family:
fabookie
Create hunting rule
Score:
  10/10
Tags:
family:fabookie spyware stealer
Link:
https://tria.ge/reports/230702-3nvglafc4s/
Behaviour
Modifies system certificate store
Reads user/profile data of web browsers
Detect Fabookie payload
Fabookie
Unpacked files
SH256 hash:
922eaabfa10ed3e5b647a39480f654866f4d4daff57fbda4adc0b3a91a9b4df5
MD5 hash:
3cb4486372d26a40c580113343e41ba7
SHA1 hash:
c06e3bfb65cdb8dfe1880534950ae9c443dad147
Link:
https://www.unpac.me/results/9b61ab78-8985-4468-888b-30b3d0437cd3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/922eaabfa10ed3e5b647a39480f654866f4d4daff57fbda4adc0b3a91a9b4df5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/405531/
  
URLhaus
https://urlhaus.abuse.ch/url/2675826/

Comments