MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 924e4366663ac392020fe02f84c1f016c5eb5238b86965d1f72cc906bebb51c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 924e4366663ac392020fe02f84c1f016c5eb5238b86965d1f72cc906bebb51c7
SHA3-384 hash: ec269a117de6d4609a499e1375fb2ded07de8c540b599bffc5e4557cc632e67720d3e569a1e7463e76e19169625f4f14
SHA1 hash: 4a4bc58b149041eef2f93558f754eadefeff354c
MD5 hash: f7a421db37cb5f86eaa1e986c0368d46
humanhash: white-idaho-carolina-may
File name:f7a421db37cb5f86eaa1e986c0368d46.exe
Download: download sample
Signature Fabookie
Create hunting rule
File size:604'672 bytes
First seen:2023-05-30 10:16:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ebd1eabd331d8362641fc5a98d7445a5 (2 x Fabookie)
ssdeep 12288:172QPNjcXE8XM3lRkRc4YFwjsWAfRgantPbcTTn7axerx7:NpN4UWM3/kRc4lAgantPbcHn7a
Threatray 162 similar samples on MalwareBazaar
TLSH T161D4D081B39095D9C4B88430C693CE71CA317C64DB28569BA7D4BB6F2F32AF1653731A
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 60c8d86aec66d4f0 (24 x Fabookie, 1 x DanaBot)
Reporter abuse_ch
Tags:exe Fabookie

Intelligence

File Origin
# of uploads :
1
# of downloads :
240
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
f7a421db37cb5f86eaa1e986c0368d46.exe
Verdict:
No threats detected
Analysis date:
2023-05-30 10:21:06 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/528b35d7-1841-418a-afe8-9a6d1471fb7b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/393468/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.67286693.30290.28355.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
lolbin shell32.dll
Link:
https://www.filescan.io/uploads/6475cd1f6dd70dc931d86655/reports/ed911657-c48f-4dc1-98c8-4006f6e3a69f/overview
Verdict:
Malicious
Labled as:
Win64/TrojanDownloader.Agent
Link:
https://www.hybrid-analysis.com/sample/924e4366663ac392020fe02f84c1f016c5eb5238b86965d1f72cc906bebb51c7
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/d6edad30-9204-4b31-8f96-eacbd00f05ad
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1245204
Signature
Detected unpacking (creates a PE file in dynamic memory)
Found stalling execution ending in API Sleep call
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/924e4366663ac392020fe02f84c1f016c5eb5238b86965d1f72cc906bebb51c7/
Threat name:
Win64.Trojan.Casdet
Create hunting rule
Status:
Malicious
First seen:
2023-05-28 16:58:49 UTC
File Type:
PE+ (Exe)
Extracted files:
89
AV detection:
17 of 36 (47.22%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sjhegztghlbzeaqp4axyjqpqc3c6wuryxbuwlupxfteqnpv3khdq._file
Verdict:
malicious
Similar samples:
01a5a583be5076fdb7d889ec170058085e0423318181e301f7fdefe4bedbb598
Fabookie
137126a2e955988044abc30c660489a571eb25516b382d8eea0fc208c4145381
Fabookie
2f463640ede2ba652be4fbadf180af9b992917a4100e702c518405ac9ebe3aa6
Fabookie
42430d77c311efbc21ad412f38190ff282b7a65c24801fab3e88f25e1f952b90
Fabookie
83c17cee1126133f3fa7ebb6b8de7ca408dd717fb2d7d743ba1ec9c5333bc951
Fabookie
9d4727c8d6ee3f645f9a77c512b84b0742d7502a15aeffcdd15366e6cb488c1f
Fabookie
b17e2998043a66e679e3715f5651854692c9af593b3c656acefead782118ccdf
Fabookie
ca0bcc92c980a4ab0f22de0d1e5827601afa63fd406dc5554461de9c85c6250a
Fabookie
edb995b82cb9d935dd6a11ea8a534066d888c197967112da531baa38471e1319
Fabookie
ff938a0fd6ce680b7dd06af89b87a4d2b69cfcbf042e783c4f483cbf9dfd653a
Fabookie
+ 152 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/230530-mbcs1shc4z/
Behaviour
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
924e4366663ac392020fe02f84c1f016c5eb5238b86965d1f72cc906bebb51c7
MD5 hash:
f7a421db37cb5f86eaa1e986c0368d46
SHA1 hash:
4a4bc58b149041eef2f93558f754eadefeff354c
Link:
https://www.unpac.me/results/aebd885c-ff57-4144-ac59-ee202c99abd1/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/924e4366663ac392020fe02f84c1f016c5eb5238b86965d1f72cc906bebb51c7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

Executable exe 924e4366663ac392020fe02f84c1f016c5eb5238b86965d1f72cc906bebb51c7

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2642466/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/393468/

Comments