MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae2ad7775613965fcbfafe90396130afb9754433bc7f9bd24f5e1b63c4d51167. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ae2ad7775613965fcbfafe90396130afb9754433bc7f9bd24f5e1b63c4d51167
SHA3-384 hash: f33a213bd301dde4cc9488bca2322ed0871c049365670b3facd9e17408c438cd41ca573e91fdc69c1e5074370c99daf7
SHA1 hash: 2b36de8442838a880a7a26718d7c0b630008f9b0
MD5 hash: 3542f9fe5e390665d0a4dd4ee99c7ac8
humanhash: oscar-neptune-delaware-autumn
File name:3542f9fe5e390665d0a4dd4ee99c7ac8.exe
Download: download sample
Signature Fabookie
Create hunting rule
File size:248'832 bytes
First seen:2023-06-27 07:15:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0b788e8ff3124c2dd648ac7a27e0b5d8 (6 x Fabookie)
ssdeep 6144:aqkvUK8JRGHAoBWxiEEiEEsfByAwZZS4onQFiy:atB8JRwAogXIB7GjFiy
Threatray 259 similar samples on MalwareBazaar
TLSH T112346CA2F3E80069E0B7C23A8AB15375EB7278591F2187CF1164566D2F337E18E3571A
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon f4c6c6c7ce3280c0 (6 x Fabookie)
Reporter abuse_ch
Tags:exe Fabookie

Intelligence

File Origin
# of uploads :
1
# of downloads :
286
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
3542f9fe5e390665d0a4dd4ee99c7ac8.exe
Verdict:
Malicious activity
Analysis date:
2023-06-27 07:17:30 UTC
Tags:
fabookie
Link:
https://app.any.run/tasks/43711e46-962a-4a13-9238-bb59fd100480

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/403152/
Detection(s):
SecuriteInfo.com.Trojan.Win64.Fabookie.GKH.MTB.25963.31524.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe crypto greyware lolbin packed shell32.dll
Link:
https://www.filescan.io/uploads/649a8c79df3d0b939156d488/reports/bcdcf836-0d61-478b-8305-f6ebaf65012f/overview
Verdict:
Malicious
Labled as:
Trojan.Fabookie
Link:
https://www.hybrid-analysis.com/sample/ae2ad7775613965fcbfafe90396130afb9754433bc7f9bd24f5e1b63c4d51167
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/5307cf1a-732e-4243-8bcb-5f72bf192654
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1261924
Signature
Contains functionality to steal Chrome passwords or cookies
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ae2ad7775613965fcbfafe90396130afb9754433bc7f9bd24f5e1b63c4d51167/
Threat name:
Win64.Trojan.Fabookie
Create hunting rule
Status:
Malicious
First seen:
2023-06-26 17:38:07 UTC
AV detection:
11 of 36 (30.56%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vyvno52wcolf7s7272idsyjqv64xkrbtxr7zxusplynwhrgvcftq._file
Verdict:
suspicious
Similar samples:
2b21d02167f4e5bb4754d83bf9d69bcbd09b5a1507ab8045eaefb1980ecb989f
Fabookie
32baad0c616cbbb5bc145a6d746bed7f77c5131b0cc29b780cd8384816b78d23
Fabookie
4f2f8e8f530beb89c23e7a43a6a82498bd44739688e273f3ea4e4dde4aea38ed
Fabookie
55fae777d74a76aa182ace8254102c0c5a312e22d28628ac56561d79d19fc95d
Fabookie
62df74714cd81842088313cb600f935d37a851b7faffba085303346877ff2a9f
Fabookie
ba85ef6668b8a930e39c0f5988187d1931209706999c70aba86a635ac8c5086f
Fabookie
bb1aa29dca7c55add0bd5e53c735645b5cd0d5ab5105fd412026fa2c69e06191
Fabookie
c9dbc567a9764bc8e3daef054db96a7b8074b1855370f558d2ee5d859e705485
Fabookie
cf76ac64d1038d54fa178a67712a4916e021b6b381241b44c2ceed7428ba4692
Fabookie
fe51caf5491e7f38b524ed374c6c9701700a9fa9c8f950379424fae99de0ced2
Fabookie
+ 249 additional samples on MalwareBazaar
Result
Malware family:
fabookie
Create hunting rule
Score:
  10/10
Tags:
family:fabookie spyware stealer
Link:
https://tria.ge/reports/230627-h28wxsdd46/
Behaviour
Suspicious behavior: EnumeratesProcesses
Reads user/profile data of web browsers
Detect Fabookie payload
Fabookie
Unpacked files
SH256 hash:
ae2ad7775613965fcbfafe90396130afb9754433bc7f9bd24f5e1b63c4d51167
MD5 hash:
3542f9fe5e390665d0a4dd4ee99c7ac8
SHA1 hash:
2b36de8442838a880a7a26718d7c0b630008f9b0
Link:
https://www.unpac.me/results/fab282c8-02fb-473d-aa7a-3186983a8690/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ae2ad7775613965fcbfafe90396130afb9754433bc7f9bd24f5e1b63c4d51167

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

Executable exe ae2ad7775613965fcbfafe90396130afb9754433bc7f9bd24f5e1b63c4d51167

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/403152/
  
URLhaus
https://urlhaus.abuse.ch/url/2668222/
  
Delivery method
Distributed via web download

Comments