MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99bff3978b5f96827225108dfe3cd76da63b6e18c42161f3433e73db431ae87b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Fabookie


Vendor detections: 7



SHA256 hash: 99bff3978b5f96827225108dfe3cd76da63b6e18c42161f3433e73db431ae87b
SHA3-384 hash: 48d03ad3977479b047adc09f688768a9eb3f7861161497544400eab8036d54fe579a07bcb38e8eb54c61f485c541d993
SHA1 hash: 158f8d47ac27d77d5e01633adc43d52f8aa2571f
MD5 hash: 759275adc4a0cd1bef0101637f97b8b7
humanhash: mango-potato-nineteen-carbon
File name: file
Signature: Fabookie
File size: 427'520 bytes
First seen: 2023-03-28 13:39:48 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ff082fef3d15cdd142534440e54d6a28 (30 x Fabookie)
ssdeep: 6144:iy8P7sQLwciHM9iT4MKBz3I8JmGerEhgVIXFML:iznUcADrKi6ZerLIX
Threatray: 78 similar samples on MalwareBazaar
TLSH: T1DE94F609FB7508B5D096C531CDBEC376E272BC835B25930B8241FF6E2EF36216969681
TrID:
78.7% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
6.6% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
5.2% (.SCR) Windows screen saver (13097/50/3)
4.2% (.EXE) Win64 Executable (generic) (10523/12/4)
2.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
dhash icon: 04dcd4c282e0f000 (37 x Fabookie)
Reporter: jstrosch
Tags: exe Fabookie X64

Intelligence


File Origin
# of uploads: 1
# of downloads: 229
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: file
Verdict: Malicious activity
Analysis date: 2023-03-28 13:40:19 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a custom TCP request
DNS request
Query of malicious DNS domain
Sending an HTTP GET request to an infection source
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: evasive greyware shell32.dll
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: clean
Classification: n/a
Score: 6 / 100
Behaviour
Behavior Graph: n/a
Result
Malware family: n/a
Score: 7/10
Tags: spyware stealer
Behaviour
Reads user/profile data of web browsers
Unpacked files
SHA256 hash: 99bff3978b5f96827225108dfe3cd76da63b6e18c42161f3433e73db431ae87b
MD5 hash: 759275adc4a0cd1bef0101637f97b8b7
SHA1 hash: 158f8d47ac27d77d5e01633adc43d52f8aa2571f
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

Executable exe 99bff3978b5f96827225108dfe3cd76da63b6e18c42161f3433e73db431ae87b

(this sample)

  
Delivery method
Distributed via web download
