MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b840bd433a47d42c5ff7e6ef94c39b1309849398e7d4a51938fdcfacfa26b793. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	b840bd433a47d42c5ff7e6ef94c39b1309849398e7d4a51938fdcfacfa26b793
SHA3-384 hash:	f961a77c11e11eb2aaae4ba625957dddb574ef9d944bb02984a9de2745717bd04da2ea9bc2f0500bbd259230b57225cf
SHA1 hash:	304d3c6f6bb11414c5c22c0a83e45d63166824e8
MD5 hash:	48f4f6461f03606000016cee556bab4f
humanhash:	march-low-arkansas-hot
File name:	file
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	217'600 bytes
First seen:	2023-03-07 14:47:00 UTC
Last seen:	2023-03-08 21:05:02 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	90292de38e2bd6803e8e5e27da945a11 (2 x Fabookie)
ssdeep	3072:xVFE/ZYueQ6059PKEywh8QzEfae1NJLgf7nDVF6PUp1Yo3ICgC:MYue05FhyI8wEHN5gfzDVlVXg
Threatray	18 similar samples on MalwareBazaar
TLSH	T1B424C02172E859F9D67A4130DA235737CBB3BC541928172F12A0CB9A1F3351ABE1EB47
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10523/12/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	faf9f8d4d6ccc0c1 (6 x Fabookie, 4 x LummaStealer, 3 x AsyncRAT)
Reporter	andretavare5
Tags:	exe Fabookie

andretavare5

Sample downloaded from http://ji.jhia6gyygcc.com/m/ss25.exe

Intelligence

File Origin

# of uploads :

4

# of downloads :

243

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/372370/

Result

Verdict:

Clean

Maliciousness:

Behaviour

DNS request

Sending an HTTP GET request

Sending a custom TCP request

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

obfuscated packed shell32.dll

Link:

https://www.filescan.io/uploads/64074e67e96aa01651234cde/reports/b3d435a6-ca76-4a89-ad59-257b49ce35e0/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/b840bd433a47d42c5ff7e6ef94c39b1309849398e7d4a51938fdcfacfa26b793

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/e6a3ebdf-51cd-4a37-af82-2295b107d23a

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

spyw.troj

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1188662

Signature

Antivirus detection for URL or domain

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b840bd433a47d42c5ff7e6ef94c39b1309849398e7d4a51938fdcfacfa26b793/

Threat name:

Win64.Trojan.Privateloader

Status:

Malicious

First seen:

2023-03-07 14:49:13 UTC

File Type:

PE+ (Exe)

Extracted files:

26

AV detection:

14 of 25 (56.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xbal2qz2i7kcyx7x43xzjq43cmeyje4y47kkkgjy7xh2z6rgw6jq._file

Verdict:

suspicious

Similar samples:

06844d00d8dc0cd3dbba61a901f607f100bbe4e550e9029cc112924cb5aa7b68

12b8b37304239b2f5e0c4fca5bdf2f0bb5910e11d841e3a63c03ef5149c9a581

2a1752d81c865b605efa5e0afbe440c2cf957029a2181bb9e02c0862bca0383b

65acc0e74fc63de8c2da949a543237ffb4a95d6b613dd62fbb42faf866707c4b

6dbddba630ea7382f81f01ede022be530fae7f1ba7a369c7808fd67a2457523c

a7a7e29e3c94afbbbb65b40527095ec8c7d868d8d5911ae99321842e30856173

b1f2f8b43d3a780a18c9c1c136e30b40f66223a4582f504dce2650ee4643d4e4

c06a5d2a048c41ac4b03f5fd47131a9349dedfdc266a2859c400e9f3a5f0315e

f68ebaf0cd8b7f5aafa28b0f39d47f41acdb4342de973d87e189064f75d1ceec

+ 8 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer

Link:

https://tria.ge/reports/230307-r5vyxahh4y/

Behaviour

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

b840bd433a47d42c5ff7e6ef94c39b1309849398e7d4a51938fdcfacfa26b793

MD5 hash:

48f4f6461f03606000016cee556bab4f

SHA1 hash:

304d3c6f6bb11414c5c22c0a83e45d63166824e8

Link:

https://www.unpac.me/results/0fa975e5-b898-4212-860e-fc9332573472/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b840bd433a47d42c5ff7e6ef94c39b1309849398e7d4a51938fdcfacfa26b793

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

Cape

Cape

https://www.capesandbox.com/analysis/372370/

URLhaus

https://urlhaus.abuse.ch/url/2561770/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample