MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aaba19c5746865c10c97ead516ad6a9b606e24fa1f4c2a074fccbc39f7d2e0e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	aaba19c5746865c10c97ead516ad6a9b606e24fa1f4c2a074fccbc39f7d2e0e6
SHA3-384 hash:	740139f5c65e867ed9a0e453218d24c3037294bd3f78bd9c59099269726858ec041abfbe8c0e5a2b379c1b59d145c3b3
SHA1 hash:	75b356acc924fb4c4ad231f8af8b0c043781c80f
MD5 hash:	74e8a3ab0bd14c803a4cccdbc0009062
humanhash:	lactose-video-pennsylvania-charlie
File name:	74e8a3ab0bd14c803a4cccdbc0009062
Download:	download sample
Signature	Fabookie Alert Create hunting rule
File size:	406'528 bytes
First seen:	2023-09-13 05:57:54 UTC
Last seen:	2023-09-13 06:33:48 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	96cc98468ed325b3857363887597bc67 (20 x Fabookie)
ssdeep	1536:qyK9MV0CXyPuOCWqeyGaOi2K+Sm6uCWqe+aOi2K+Sm6uuCuCWqeyGaOi2K+Sm6ur:qX9M1CPu2XnAYy4AZ6TvcgJFW
Threatray	523 similar samples on MalwareBazaar
TLSH	T14984DD64F0B2ECB3DA126B7039FCF91C91AD71551386869E365AF0B692D330031DDBA9
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10523/12/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	e0c6dfa5aeebcbdc (20 x Fabookie, 2 x AsyncRAT)
Reporter	zbetcheckin
Tags:	64 exe Fabookie

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

346

Origin country :

FR

Vendor Threat Intelligence

ANY.RUN Malicious

Malware family:

n/a

ID:

1

File name:

74e8a3ab0bd14c803a4cccdbc0009062

Verdict:

Malicious activity

Analysis date:

2023-09-13 06:00:01 UTC

Tags:

fabookie stealer

Link:

https://app.any.run/tasks/f52c2d93-2b78-4971-8ec0-a39d33ca6597

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/448306/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Trojan.DownLoader45.60932.4905.1970.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending an HTTP GET request

DNS request

Query of malicious DNS domain

Sending a TCP request to an infection source

Sending an HTTP GET request to an infection source

Dragonfly

Gathering data

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

lolbin shell32 swrort

Link:

https://www.filescan.io/uploads/65014f757aa68bd3a1f87f62/reports/7613c78c-2a2d-4e6d-861f-ce66ea519373/overview

Hybrid Analysis Win/malicious_confidence_100%

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/aaba19c5746865c10c97ead516ad6a9b606e24fa1f4c2a074fccbc39f7d2e0e6

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Unknown

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/a5d87810-b2da-4562-9873-b02393f872b4

Joe Sandbox Fabookie

Result

Threat name:

Fabookie

Alert

Create hunting rule

Detection:

malicious

Classification:

troj.spyw

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/1308377

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Contains functionality to steal Chrome passwords or cookies

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/aaba19c5746865c10c97ead516ad6a9b606e24fa1f4c2a074fccbc39f7d2e0e6/

ReversingLabs TitaniumCloud Win64.Trojan.Swrort

Threat name:

Win64.Trojan.Swrort

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-09-12 17:29:21 UTC

File Type:

PE+ (Exe)

Extracted files:

29

AV detection:

15 of 33 (45.45%)

Threat level:

  5/5

Spamhaus Hash Blocklist Malicious file

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=vk5btrlunbs4cdex5lkrnllktnqg4jh2d5gcub2pzs6dt56s4dta._file

Threatray malicious

Verdict:

malicious

Similar samples:

2f1726836dc22c15a85826950324a24cd09fc9e5f14095d3ccd7303114650588

Fabookie

55b9813d1377b90813fee3e75da65c9e66666b48aa0b73676ff9af7b0b87474a

Fabookie

6b2a6d8de02eace85a4dd0cc4ad92afef9c963d317b3e6d744ef889fdc3f0176

Fabookie

7b0efba8c51a5f83078f28a6db7129d43db9d4ae71818e2f5fb755dc721880dc

Fabookie

9b7521279c87eba673118e8adc6fc14d4822a9e9ae314f6c3c62176f0aa4cc32

Fabookie

ba6576e842991fd627ffb782ae60a4c694c77b963c5afc73bc358c2cb27c3b57

Fabookie

cb6047d30281603a27e2d1c099fb5d060d18edc8c8d5e6e15102fefd58ab8931

Fabookie

e10be62dd99f927dc48568c4ec02966c35577ae42a9184b44f5f72b502b7c07b

Fabookie

fbd0a287a85f2099df62a8d02e4a0e46e0ded0fa250fb851c378471dc90c4921

Fabookie

+ 513 additional samples on MalwareBazaar

Hatching Triage fabookie

Result

Malware family:

fabookie

Alert

Create hunting rule

Score:

  10/10

Tags:

family:fabookie spyware stealer

Link:

https://tria.ge/reports/230913-gn6c7scd84/

Behaviour

Modifies system certificate store

Reads user/profile data of web browsers

Detect Fabookie payload

Fabookie

UnpacMe

Unpacked files

SH256 hash:

aaba19c5746865c10c97ead516ad6a9b606e24fa1f4c2a074fccbc39f7d2e0e6

MD5 hash:

74e8a3ab0bd14c803a4cccdbc0009062

SHA1 hash:

75b356acc924fb4c4ad231f8af8b0c043781c80f

Link:

https://www.unpac.me/results/9f4fdaef-0b0e-4f6c-9228-94d5b9c13bf7/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/aaba19c5746865c10c97ead516ad6a9b606e24fa1f4c2a074fccbc39f7d2e0e6

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

exe aaba19c5746865c10c97ead516ad6a9b606e24fa1f4c2a074fccbc39f7d2e0e6

(this sample)

  

Delivery method

Distributed via web download

  

URLhaus

https://urlhaus.abuse.ch/url/2668222/

Cape

https://www.capesandbox.com/analysis/448306/

Comments

---

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2023-09-13 05:57:55 UTC

url : hxxp://ji.jaoaaoas11.com/m/ss41.exe