MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b13e645a7634318051fc5eb56a87f527419d003e267ed0811d237aa688155ac1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 13

Intelligence 13 IOCs YARA File information Comments

SHA256 hash:	b13e645a7634318051fc5eb56a87f527419d003e267ed0811d237aa688155ac1
SHA3-384 hash:	42ab614294339bd26348e44b2607cc6075b6860739e2848dd7dfbd04f2ef5fcf145146585774871870fb562a1c408058
SHA1 hash:	baca794b8ee691744b21ed48fe166def0a80e6c1
MD5 hash:	57159846d43120b2361a7524322347cd
humanhash:	fanta-lima-venus-two
File name:	file
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	732'672 bytes
First seen:	2023-07-18 12:54:12 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f2fcd0efb031ebebeaa83cd4cd21090b (24 x Fabookie)
ssdeep	6144:nA01NdXuvxQW7SYY3E57in+MRxQ7cUBmCUiJbc77ZvfuYuEdGxTC2hWf7xLUnw+V:nd+5QWGBn+9ShtdGxTC2P5JL
Threatray	343 similar samples on MalwareBazaar
TLSH	T113F42B56FBBD4272E051C135C9A6E7B5E6B27C855D30970B2346EB2E2F335118E3AB20
TrID	31.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 24.5% (.SCR) Windows screen saver (13097/50/3) 19.7% (.EXE) Win64 Executable (generic) (10523/12/4) 9.4% (.EXE) Win16 NE executable (generic) (5038/12/1) 3.8% (.ICL) Windows Icons Library (generic) (2059/9)
File icon (PE):
dhash icon	6cd2a3b79393d070 (24 x Fabookie, 1 x AgentTesla)
Reporter	andretavare5
Tags:	exe Fabookie

andretavare5

Sample downloaded from http://zzz.fhauiehgha.com/m/okka25.exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

253

Origin country :

US

Vendor Threat Intelligence

Malware family:

redline

ID:

1

File name:

https://storedechuladas.com/wp-content/download/File_pass1234.7z

Verdict:

Malicious activity

Analysis date:

2023-07-18 07:26:55 UTC

Tags:

privateloader evasion opendir risepro stealer payload fabookie rat redline loader povertystealer amadey trojan gcleaner smoke botnet miner ransomware stop tofsee arkei vidar

Link:

https://app.any.run/tasks/ff200dc8-95d9-4ee8-afad-1ff9a9e83642

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/423500/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Query of malicious DNS domain

Sending an HTTP GET request to an infection source

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

lolbin shell32

Link:

https://www.filescan.io/uploads/64b68ba8f3c193545ac66e7c/reports/31533bfa-ade6-43a8-a6b7-abcdf850853a/overview

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/b13e645a7634318051fc5eb56a87f527419d003e267ed0811d237aa688155ac1

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/852a73ac-e08c-45ee-a58f-b4a487e7ed8a

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

troj.spyw.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1275103

Signature

Antivirus detection for URL or domain

Contains functionality to steal Chrome passwords or cookies

Detected unpacking (creates a PE file in dynamic memory)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b13e645a7634318051fc5eb56a87f527419d003e267ed0811d237aa688155ac1/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2023-07-17 18:32:20 UTC

File Type:

PE+ (Exe)

Extracted files:

42

AV detection:

13 of 37 (35.14%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=we7giwtwgqyyaup4l22wvb7ve5az2ab6ez7nbai5en5kncavllaq._file

Verdict:

malicious

Similar samples:

274f5d3d6967d77475ceee848a0dff2cfc9993923861de020e3856bd54ba8fc7

29ee51c21a3976410dd563dc4ed017f321ce95fdae61a0166af8a25f3b93f88a

2ddc19ae908947ed753b9681fca56b219204174819c5cd9113dc02ccfa79ced6

659284e5615e553baeceb72ed2f226fda246e40ce0dd0e300514b9afee6d41ca

70244e155a95744792bbf13f8eaab830c3d4a8529cce439cffdc4172b14fcd80

cb9b591fb411abb5ba554f6679775eea77df4b035618f679e5bf11cccf215574

ccd5fed825fdb224d3afdef247fb95b7fb6ae3a5b2e05918043cc497547ed002

f87bd8a08297af331b8ab18c393811d175e5fbc414fec1dec69520c06f32bd33

+ 333 additional samples on MalwareBazaar

Result

Malware family:

fabookie

Score:

10/10

Tags:

family:fabookie spyware stealer

Link:

https://tria.ge/reports/230718-p5r6xaad44/

Behaviour

Reads user/profile data of web browsers

Detect Fabookie payload

Fabookie

Unpacked files

SH256 hash:

b13e645a7634318051fc5eb56a87f527419d003e267ed0811d237aa688155ac1

MD5 hash:

57159846d43120b2361a7524322347cd

SHA1 hash:

baca794b8ee691744b21ed48fe166def0a80e6c1

Link:

https://www.unpac.me/results/f20ae3ae-7b60-4e14-8936-becf17bfae14/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b13e645a7634318051fc5eb56a87f527419d003e267ed0811d237aa688155ac1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

Cape

Cape

https://www.capesandbox.com/analysis/423500/

URLhaus

https://urlhaus.abuse.ch/url/2679042/

URLhaus

https://urlhaus.abuse.ch/url/2672595/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample