MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b7521279c87eba673118e8adc6fc14d4822a9e9ae314f6c3c62176f0aa4cc32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	9b7521279c87eba673118e8adc6fc14d4822a9e9ae314f6c3c62176f0aa4cc32
SHA3-384 hash:	58b8dcb576db88b7e02bb48619c4e7fba031dab65d79d4937c4d5ec0ad613041ab73b5cb78f7ae457c38aee9f80170cc
SHA1 hash:	5045617e8ce33de2922fceaa5f4432aab4ce46e7
MD5 hash:	9bbb2de9e7d068ef9503ce9a52a6776f
humanhash:	sad-happy-music-lamp
File name:	9bbb2de9e7d068ef9503ce9a52a6776f
Download:	download sample
Signature	Fabookie Alert Create hunting rule
File size:	406'528 bytes
First seen:	2023-09-13 05:57:43 UTC
Last seen:	2023-09-13 06:33:49 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	96cc98468ed325b3857363887597bc67 (20 x Fabookie)
ssdeep	1536:qyK9MV0CXyPuOCWqeyGaOi2K+Sm6uCWqe+aOi2K+Sm6uuCuCWqeyGaOi2K+Sm6uz:qX9M1CPu2XnAYy4AZ67vcgJFW
Threatray	523 similar samples on MalwareBazaar
TLSH	T19584DD64F0B2ECB3DA126B7039FCF91C91AD71551386869E365AF0B692D330031DDBA9
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10523/12/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	e0c6dfa5aeebcbdc (20 x Fabookie, 2 x AsyncRAT)
Reporter	zbetcheckin
Tags:	64 exe Fabookie

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

305

Origin country :

FR

Vendor Threat Intelligence

ANY.RUN Malicious

Malware family:

n/a

ID:

1

File name:

9bbb2de9e7d068ef9503ce9a52a6776f

Verdict:

Malicious activity

Analysis date:

2023-09-13 06:00:01 UTC

Tags:

fabookie stealer

Link:

https://app.any.run/tasks/8da51577-1df3-4570-a4ff-82ca7d5f7f7c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/448304/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Trojan.DownLoader45.60932.29799.5077.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending an HTTP GET request

DNS request

Sending a custom TCP request

Query of malicious DNS domain

Sending a TCP request to an infection source

Sending an HTTP GET request to an infection source

Dragonfly

Gathering data

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

lolbin shell32 swrort

Link:

https://www.filescan.io/uploads/65014f727c054d8c55614b8a/reports/af1bf670-53b3-4550-9175-a7f5e70202bc/overview

Hybrid Analysis Win/malicious_confidence_100%

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/9b7521279c87eba673118e8adc6fc14d4822a9e9ae314f6c3c62176f0aa4cc32

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Unknown

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/4be1c540-262b-430d-aab7-62e5df21f139

Joe Sandbox Fabookie

Result

Threat name:

Fabookie

Alert

Create hunting rule

Detection:

malicious

Classification:

troj.spyw

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/1308382

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Contains functionality to steal Chrome passwords or cookies

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9b7521279c87eba673118e8adc6fc14d4822a9e9ae314f6c3c62176f0aa4cc32/

ReversingLabs TitaniumCloud Win64.Trojan.Swrort

Threat name:

Win64.Trojan.Swrort

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-09-12 17:14:44 UTC

File Type:

PE+ (Exe)

Extracted files:

29

AV detection:

17 of 38 (44.74%)

Threat level:

  5/5

Spamhaus Hash Blocklist Malicious file

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=tn2scj44q7v2m4yrr2fny36bjvecfkpjvyyu63b4milw6cvezqza._file

Threatray malicious

Verdict:

malicious

Similar samples:

2f1726836dc22c15a85826950324a24cd09fc9e5f14095d3ccd7303114650588

Fabookie

55b9813d1377b90813fee3e75da65c9e66666b48aa0b73676ff9af7b0b87474a

Fabookie

6b2a6d8de02eace85a4dd0cc4ad92afef9c963d317b3e6d744ef889fdc3f0176

Fabookie

7b0efba8c51a5f83078f28a6db7129d43db9d4ae71818e2f5fb755dc721880dc

Fabookie

aaba19c5746865c10c97ead516ad6a9b606e24fa1f4c2a074fccbc39f7d2e0e6

Fabookie

ba6576e842991fd627ffb782ae60a4c694c77b963c5afc73bc358c2cb27c3b57

Fabookie

cb6047d30281603a27e2d1c099fb5d060d18edc8c8d5e6e15102fefd58ab8931

Fabookie

e10be62dd99f927dc48568c4ec02966c35577ae42a9184b44f5f72b502b7c07b

Fabookie

fbd0a287a85f2099df62a8d02e4a0e46e0ded0fa250fb851c378471dc90c4921

Fabookie

+ 513 additional samples on MalwareBazaar

Hatching Triage fabookie

Result

Malware family:

fabookie

Alert

Create hunting rule

Score:

  10/10

Tags:

family:fabookie spyware stealer

Link:

https://tria.ge/reports/230913-gn6c7shg5x/

Behaviour

Modifies system certificate store

Reads user/profile data of web browsers

Detect Fabookie payload

Fabookie

UnpacMe

Unpacked files

SH256 hash:

9b7521279c87eba673118e8adc6fc14d4822a9e9ae314f6c3c62176f0aa4cc32

MD5 hash:

9bbb2de9e7d068ef9503ce9a52a6776f

SHA1 hash:

5045617e8ce33de2922fceaa5f4432aab4ce46e7

Link:

https://www.unpac.me/results/daee463d-5383-4ca4-84af-b2404682d31a/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/9b7521279c87eba673118e8adc6fc14d4822a9e9ae314f6c3c62176f0aa4cc32

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

exe 9b7521279c87eba673118e8adc6fc14d4822a9e9ae314f6c3c62176f0aa4cc32

(this sample)

  

Delivery method

Distributed via web download

  

URLhaus

https://urlhaus.abuse.ch/url/2675826/

Cape

https://www.capesandbox.com/analysis/448304/

Comments

---

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2023-09-13 05:57:44 UTC

url : hxxp://ji.jaoaaoas11.com/m/ss33.exe