MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a913b2046e7d919cc02f7fe509eb50d674cdf21be7122295fcaf9e5acdcfc3ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	a913b2046e7d919cc02f7fe509eb50d674cdf21be7122295fcaf9e5acdcfc3ac
SHA3-384 hash:	31bd97062a8d9a4317b8c0e79528bd6e26b8f30dfbdb4f39a56169d8f81da113f11a26e224bd4de16828a207f846909c
SHA1 hash:	fbf6d083f02a5fbf038894e5c9d9ec14f528dee6
MD5 hash:	7a01ba8f880a998fe211bc59254f40ea
humanhash:	batman-bakerloo-batman-wyoming
File name:	file
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	305'664 bytes
First seen:	2023-06-05 20:15:08 UTC
Last seen:	2023-06-06 07:39:40 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	521968a65bf979e04bfb13c5d0026015 (1 x Fabookie)
ssdeep	6144:6XMHxMrU3CEIkWCZ3j9Z0CIriNupxyN90vE:SMHxM3EPBkCIsey90
Threatray	176 similar samples on MalwareBazaar
TLSH	T1C3543812AB25DFB8F0C7C8B6BD70410218E8B408A754B57E86CDDC751A3BC51ADB5BB2
TrID	31.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 24.5% (.SCR) Windows screen saver (13097/50/3) 19.7% (.EXE) Win64 Executable (generic) (10523/12/4) 9.4% (.EXE) Win16 NE executable (generic) (5038/12/1) 3.8% (.ICL) Windows Icons Library (generic) (2059/9)
File icon (PE):
dhash icon	f8f0f4c8c8c8d8f0 (8'803 x RedLineStealer, 5'078 x Amadey, 288 x Smoke Loader)
Reporter	andretavare5
Tags:	exe Fabookie

andretavare5

Sample downloaded from http://ji.jahhaega2qq.com/m/p0aw25.exe

Intelligence

File Origin

# of uploads :

# of downloads :

279

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

No threats detected

Analysis date:

2023-06-05 20:18:02 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/02f03aba-689b-40ef-92b1-15d434c38151

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/395901/

Detection(s):

SecuriteInfo.com.Heur.32221.17431.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

DNS request

Sending a custom TCP request

Query of malicious DNS domain

Sending an HTTP GET request to an infection source

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/89497/overview

Behaviour

MalwareBazaar

SystemUptime

MeasuringTime

EvasionGetTickCount

EvasionQueryPerformanceCounter

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

lolbin msiexec.exe packed shell32.dll

Link:

https://www.filescan.io/uploads/647e4282834df4f1b2dc54d9/reports/afbcf1b2-ae04-47e5-8bcc-3654c1a79502/overview

Verdict:

Malicious

Labled as:

W64/Agent.GEE.gen

Link:

https://www.hybrid-analysis.com/sample/a913b2046e7d919cc02f7fe509eb50d674cdf21be7122295fcaf9e5acdcfc3ac

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/c44ac4fb-78ab-46b4-8cf4-b7aec05088fc

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

troj.spyw

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/1249116

Signature

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Windows Update Standalone Installer command line found (may be used to bypass UAC)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a913b2046e7d919cc02f7fe509eb50d674cdf21be7122295fcaf9e5acdcfc3ac/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2023-06-05 17:34:55 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

10 of 36 (27.78%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=vej3ebdopwizzqbpp7sqt22q2z2m34q344jcffp4v6pfvtopyowa._file

Verdict:

malicious

Result

Malware family:

fabookie

Score:

10/10

Tags:

family:fabookie spyware stealer

Link:

https://tria.ge/reports/230605-y14htaaf35/

Behaviour

Reads user/profile data of web browsers

Detect Fabookie payload

Fabookie

Unpacked files

SH256 hash:

a913b2046e7d919cc02f7fe509eb50d674cdf21be7122295fcaf9e5acdcfc3ac

MD5 hash:

7a01ba8f880a998fe211bc59254f40ea

SHA1 hash:

fbf6d083f02a5fbf038894e5c9d9ec14f528dee6

Link:

https://www.unpac.me/results/dc947281-ca0a-4c25-b4d0-ce28542705bd/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a913b2046e7d919cc02f7fe509eb50d674cdf21be7122295fcaf9e5acdcfc3ac

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

URLhaus

https://urlhaus.abuse.ch/url/2644855/

Cape

https://www.capesandbox.com/analysis/395901/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample