MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c90a0d25605f56c4cce2694488823506c4a79044b4fd7dab837192cb26a0cde3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c90a0d25605f56c4cce2694488823506c4a79044b4fd7dab837192cb26a0cde3
SHA3-384 hash: 7d842fbfb0eb37ccf5cb00c826469181b77a9601094ec27758ee73641c3b44d439acc3464a366ede24845d7a03a8cd12
SHA1 hash: a1c2f3ff606e6bd45b0393c2e2c9d8dba47adb9f
MD5 hash: 7ddb9f6017c839d0464fb33da78d138f
humanhash: fish-edward-cola-alaska
File name:file
Download: download sample
Signature Fabookie
Create hunting rule
File size:973'312 bytes
First seen:2023-03-15 11:45:08 UTC
Last seen:2023-03-15 13:38:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7533beb38e834532b23ecbe6c94b2454 (5 x Fabookie)
ssdeep 12288:CsJc/3ljJvGbZmkWh6dSsA1xsBwLgGLXKPXPiXuHNHGb6bH/zx/GCLW/nh/X:CsMvxhV37LgG
Threatray 38 similar samples on MalwareBazaar
TLSH T18A258009BE5E8080CC1156388976D775B7627CA81F2D86EBF197BF2E6F325949C39203
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon ecb26965731392e8 (7 x Fabookie, 3 x CoinMiner, 2 x RemcosRAT)
Reporter jstrosch
Tags:exe Fabookie X64

Intelligence

File Origin
# of uploads :
2
# of downloads :
218
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/374527/
Detection(s):
SecuriteInfo.com.Trojan.TR.YAV.Minerva.csxfi.20892.25933.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/73258/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
83%
Tags:
obfuscated shell32.dll
Link:
https://www.filescan.io/uploads/6411affcbba9ffe6e2a3916c/reports/202e9ad2-fba2-42d0-baf8-c9625a8a9f84/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/c90a0d25605f56c4cce2694488823506c4a79044b4fd7dab837192cb26a0cde3
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/dd771ac3-b4c5-4397-8359-fb06ce4c2cb1
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1194080
Signature
Antivirus detection for URL or domain
Detected unpacking (creates a PE file in dynamic memory)
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c90a0d25605f56c4cce2694488823506c4a79044b4fd7dab837192cb26a0cde3/
Threat name:
Win64.Trojan.Fabookie
Create hunting rule
Status:
Malicious
First seen:
2023-03-14 20:32:42 UTC
File Type:
PE+ (Exe)
Extracted files:
88
AV detection:
15 of 24 (62.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zefa2jlal5lmjthcnfcirarva3ckpecewt6x3k4dogjmwjvazxrq._file
Verdict:
suspicious
Similar samples:
217ff786e98d8763294e360042af0717011ab7d017d2150f47250dc1fb0b7790
Fabookie
265fb8ad935504f6f91d2c7e177a70d766dd037f9137f1d0657eeb155c829886
Fabookie
3866e15b1b14e1ee2f769e64369f6bb98c03a55afe4461b6524e25141fa66a2d
Fabookie
4e28350d943c406c17056b494e80769525758a574a6507c7ff614491284db875
Fabookie
5391a7633161e6b598557a56d313b89d27619d4f819566f8c808f84522bdef4f
Fabookie
5c9d09da8708c750ee0fb55e44890462fea8a471e5f57f0b5b592523a2fa8a6f
Fabookie
83442c64c821f32924261167941da1d7e51aa6d35e57c4ac1cdefd2358d876ab
Fabookie
b840bd433a47d42c5ff7e6ef94c39b1309849398e7d4a51938fdcfacfa26b793
Fabookie
c16b3e719af71f08089bfb812352979cdc2bec3b194d12ee6e46da17206dd3a7
Fabookie
fd678a09f62b6a3de9a75891fa9737a7e8d37c76cbfcc7139dabb7d0eb2587fb
Fabookie
+ 28 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/230315-nxbcrada37/
Behaviour
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
c90a0d25605f56c4cce2694488823506c4a79044b4fd7dab837192cb26a0cde3
MD5 hash:
7ddb9f6017c839d0464fb33da78d138f
SHA1 hash:
a1c2f3ff606e6bd45b0393c2e2c9d8dba47adb9f
Link:
https://www.unpac.me/results/4daaa568-fe6b-4ca9-93b9-f7b5ea8aac1b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c90a0d25605f56c4cce2694488823506c4a79044b4fd7dab837192cb26a0cde3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

Executable exe c90a0d25605f56c4cce2694488823506c4a79044b4fd7dab837192cb26a0cde3

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2565106/
Cape
Cape
https://www.capesandbox.com/analysis/374527/

Comments