MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac4620769b15f5a7ccbeda9891ab788e46fe418e8129b2d54a64452467ac9eb0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ac4620769b15f5a7ccbeda9891ab788e46fe418e8129b2d54a64452467ac9eb0
SHA3-384 hash: d434b296680f8cbb4d89533bef8f1d3c09753f29dac613c90b4f5ea9f653edfb4ba7b497e39940dfa7b84cf1804bda76
SHA1 hash: 34cd75622c3ad5c46f04cf2f3735ec6029f2447a
MD5 hash: c9765279812dfcf237b0fab89f9f2bc4
humanhash: hydrogen-yankee-red-oxygen
File name:c9765279812dfcf237b0fab89f9f2bc4.exe
Download: download sample
Signature Fabookie
Create hunting rule
File size:669'229 bytes
First seen:2023-08-13 07:52:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a7a19cad0c2c193feb43fc00c1b6b502 (17 x Fabookie)
ssdeep 12288:wcdtP2eyp/lCtd8l8tawD1U2bBrJAxveI5uYkQSY:ROv/lIt1hXbBrWxv01Y
Threatray 432 similar samples on MalwareBazaar
TLSH T16EE4BF156FB918B7C017B83B0C6D45914B337C13162783F7A496FEAC4EFB6E98066922
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 71f0e0e8c8c4e871 (2 x Fabookie)
Reporter abuse_ch
Tags:exe Fabookie

Intelligence

File Origin
# of uploads :
1
# of downloads :
258
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
https://nupectogo.com/download/Install_pass1234.7z
Verdict:
Malicious activity
Analysis date:
2023-08-12 12:08:51 UTC
Tags:
privateloader evasion opendir loader stealc stealer payload fabookie redline lumma arkei vidar risepro smoke trojan ransomware stop g0njxa
Link:
https://app.any.run/tasks/a4b98e2a-4e47-436f-a50d-a5d1a0c520d1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/442469/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.68664761.10955.12882.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending an HTTP GET request
Query of malicious DNS domain
Sending an HTTP GET request to an infection source
Gathering data
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/ac4620769b15f5a7ccbeda9891ab788e46fe418e8129b2d54a64452467ac9eb0
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/58a3c584-dd12-42dd-99eb-693ebed919de
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1290612
Signature
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ac4620769b15f5a7ccbeda9891ab788e46fe418e8129b2d54a64452467ac9eb0/
Threat name:
Win64.Trojan.Privateloader
Create hunting rule
Status:
Malicious
First seen:
2023-08-12 07:51:22 UTC
File Type:
PE+ (Exe)
Extracted files:
29
AV detection:
18 of 24 (75.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vrdca5u3cx22ptf63kmjdk3yrzdp4qmoqeu3fvkkmrcsiz5mt2ya._file
Verdict:
suspicious
Similar samples:
05229eb55c61b01e7b7b9decd04435bc7fde4991b4430549bc7c64882eff63d8
Fabookie
0bc3689575acffde20abb2ff8db97b9698b07fc0e2f64a04ef10dea26fe64d87
Fabookie
2a4bbe018dc6c5d1af64a4773bd8a7fccba71d19780177308b29b2abea4d33e1
Fabookie
3995ed61d4b3901bfacb5a8d36500664c1145c6287f8eba5f0077ef1b780355c
Fabookie
8a2e061b3b38dff83f62982a6b0087e5c4ea1c47192bf0ac2f8f67397636b164
Fabookie
902ad7ccf2e68e3240a3b9f8c41b09e2acc650db69a0593e7c17d04ce0ad0e2b
Fabookie
bb1aa29dca7c55add0bd5e53c735645b5cd0d5ab5105fd412026fa2c69e06191
Fabookie
c9dbc567a9764bc8e3daef054db96a7b8074b1855370f558d2ee5d859e705485
Fabookie
ca26e44c17842303c3960abd21b966ede71d30a2f1100f72580a863f5993e28e
Fabookie
fec5e8cb13f8418df2d3c2188c40eb2844084b02bdd9f2a899690b3a7b25986c
Fabookie
+ 422 additional samples on MalwareBazaar
Result
Malware family:
fabookie
Create hunting rule
Score:
  10/10
Tags:
family:fabookie spyware stealer
Link:
https://tria.ge/reports/230813-jqz1babg91/
Behaviour
Reads user/profile data of web browsers
Detect Fabookie payload
Fabookie
Unpacked files
SH256 hash:
ac4620769b15f5a7ccbeda9891ab788e46fe418e8129b2d54a64452467ac9eb0
MD5 hash:
c9765279812dfcf237b0fab89f9f2bc4
SHA1 hash:
34cd75622c3ad5c46f04cf2f3735ec6029f2447a
Link:
https://www.unpac.me/results/704a5a76-0a79-4383-96dc-da15968e1f81/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ac4620769b15f5a7ccbeda9891ab788e46fe418e8129b2d54a64452467ac9eb0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

Executable exe ac4620769b15f5a7ccbeda9891ab788e46fe418e8129b2d54a64452467ac9eb0

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2672595/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2679042/
Cape
Cape
https://www.capesandbox.com/analysis/442469/

Comments