MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b23319a38a563625b6b6b4ea64d9608882011626aab8f59ff313be46f522278e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 13

Intelligence 13 IOCs YARA File information Comments

SHA256 hash:	b23319a38a563625b6b6b4ea64d9608882011626aab8f59ff313be46f522278e
SHA3-384 hash:	ca302c5e8f63ff0cc059fd45f2d8366e3519b28b27b80e70b35694d92883d1336dc3350de10e0e314587488148174150
SHA1 hash:	a3a1c6fd8cf090094830a7cf319dad0be666d36c
MD5 hash:	c101e54fcffce8ffa74cb00232a8aed2
humanhash:	white-asparagus-snake-iowa
File name:	file
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	651'776 bytes
First seen:	2023-09-23 09:02:25 UTC
Last seen:	2023-09-25 07:41:40 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	c4a784232bca53e5d6c372fa53bf8d4c (7 x Fabookie)
ssdeep	6144:JfIJs1RHFDIOFkzJwz9OhcHQU8rATKbGHbI0/tGKP15Vuc7GHbI0/tGKP15Vuc1h:dYmctcH5049Duca049Duc1y6
Threatray	577 similar samples on MalwareBazaar
TLSH	T145D4AE35A3D80C56D589113E448E43B19B203E287F2E87CB95E5B5CD0A723F0EB69EE5
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10523/12/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	e4a6a68caaacc8f9 (10 x Fabookie)
Reporter	andretavare5
Tags:	exe Fabookie

andretavare5

Sample downloaded from http://ji.alie3ksgbb.com/m/esgla2i5.exe

Intelligence

File Origin

# of uploads :

# of downloads :

273

Origin country :

Vendor Threat Intelligence

Malware family:

smoke

ID:

File name:

file

Verdict:

Malicious activity

Analysis date:

2023-09-23 08:58:28 UTC

Tags:

loader smoke stealer redline opendir gcleaner ransomware stop raccoon recordbreaker vidar trojan arkei fabookie privateloader evasion raccoonclipper risepro

Link:

https://app.any.run/tasks/d272d925-48b0-451c-996c-eaa2bd4185f9

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/450715/

Detection(s):

SecuriteInfo.com.Trojan.DownLoader45.61395.26588.13839.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending an HTTP GET request

DNS request

Query of malicious DNS domain

Sending a TCP request to an infection source

Gathering data

Verdict:

Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

evasive greyware keylogger lolbin packed shell32

Link:

https://www.filescan.io/uploads/650ea9c733582f234e007c78/reports/2ec20d14-97d6-44ec-a905-e83a74ee4678/overview

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/b23319a38a563625b6b6b4ea64d9608882011626aab8f59ff313be46f522278e

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/45c86d61-85d2-4fde-a0de-4a70d818aa74

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

troj.spyw.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1313235

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Contains functionality to steal Chrome passwords or cookies

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b23319a38a563625b6b6b4ea64d9608882011626aab8f59ff313be46f522278e/

Threat name:

Win64.Trojan.Privateloader

Status:

Malicious

First seen:

2023-09-23 06:08:29 UTC

File Type:

PE+ (Exe)

Extracted files:

165

AV detection:

18 of 36 (50.00%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=wizrti4kky3clnvwwtvgjwlarcbacfrgvk4plh7tco7en5jce6ha._file

Verdict:

malicious

Result

Malware family:

fabookie

Score:

10/10

Tags:

family:fabookie spyware stealer

Link:

https://tria.ge/reports/230923-kz1tmsga78/

Behaviour

Modifies system certificate store

Reads user/profile data of web browsers

Detect Fabookie payload

Fabookie

Malware Config

C2 Extraction:

http://app.nnnaajjjgc.com/check/safe

Unpacked files

SH256 hash:

b23319a38a563625b6b6b4ea64d9608882011626aab8f59ff313be46f522278e

MD5 hash:

c101e54fcffce8ffa74cb00232a8aed2

SHA1 hash:

a3a1c6fd8cf090094830a7cf319dad0be666d36c

Link:

https://www.unpac.me/results/813800bc-8065-4a2e-b1b6-caf1182161a3/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b23319a38a563625b6b6b4ea64d9608882011626aab8f59ff313be46f522278e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

URLhaus

https://urlhaus.abuse.ch/url/2711791/

Cape

https://www.capesandbox.com/analysis/450715/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample