MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca0bcc92c980a4ab0f22de0d1e5827601afa63fd406dc5554461de9c85c6250a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments 1

SHA256 hash:	ca0bcc92c980a4ab0f22de0d1e5827601afa63fd406dc5554461de9c85c6250a
SHA3-384 hash:	831fde1f41a00c872c152bf541c86ee789146dba39e38aca2da54ca38c9cb20977b6f881c29fe2b094f9c285ed8733c4
SHA1 hash:	6027ec4932864e48f1e2dfe9d53efe2065483c64
MD5 hash:	3a136de80821d23c4d1eb52897940a7b
humanhash:	tango-zulu-seventeen-asparagus
File name:	3a136de80821d23c4d1eb52897940a7b
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	606'208 bytes
First seen:	2023-05-13 20:36:02 UTC
Last seen:	2023-05-14 18:32:07 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	4673ad56625d375f2efee239af061364 (21 x Fabookie)
ssdeep	12288:G72lP1/jvAx8Xr3lRkRc4YFwjsWOfRg6gtPbcTTn7qxerx7:q01/rSWr3/kRc4l6g6gtPbcHn7q
Threatray	143 similar samples on MalwareBazaar
TLSH	T143D4DF81B39095D9C4B88430C693CE71CA317C64DB28569BB6D4BB6F2F32AF16637316
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10523/12/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	60c8d86aec66d4f0 (24 x Fabookie, 1 x DanaBot)
Reporter	zbetcheckin
Tags:	64 exe Fabookie

Intelligence

File Origin

# of uploads :

# of downloads :

249

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

3a136de80821d23c4d1eb52897940a7b

Verdict:

Malicious activity

Analysis date:

2023-05-13 20:38:01 UTC

Tags:

fabookie

Link:

https://app.any.run/tasks/5f26dc5a-9e20-4420-bd90-53bf7df53ac3

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/388933/

Detection(s):

SecuriteInfo.com.Win64.Malware-gen.17351.7752.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

DNS request

Sending an HTTP GET request

Sending a custom TCP request

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/83885/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

EvasionQueryPerformanceCounter

EvasionGetTickCount

Verdict:

Malicious

Threat level:

10/10

Confidence:

89%

Tags:

shell32.dll

Link:

https://www.filescan.io/uploads/645ff4bce68f9cbce80c36a9/reports/85f476d7-566a-4dcc-8bf1-2cb86ecb6d7b/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/ca0bcc92c980a4ab0f22de0d1e5827601afa63fd406dc5554461de9c85c6250a

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/4781e07c-2104-4387-bb07-cc72ea8f4aab

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

troj.spyw.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/1232226

Signature

Antivirus detection for URL or domain

Found stalling execution ending in API Sleep call

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ca0bcc92c980a4ab0f22de0d1e5827601afa63fd406dc5554461de9c85c6250a/

Threat name:

Win64.Trojan.Privateloader

Status:

Malicious

First seen:

2023-05-13 14:46:54 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

9 of 37 (24.32%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zif4zewjqcskwdzc3ygr4wbhmanpuy75ibw4kvkemhpjzbogeufa._file

Verdict:

malicious

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer

Link:

https://tria.ge/reports/230513-zdlvxshc48/

Behaviour

Modifies system certificate store

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

ca0bcc92c980a4ab0f22de0d1e5827601afa63fd406dc5554461de9c85c6250a

MD5 hash:

3a136de80821d23c4d1eb52897940a7b

SHA1 hash:

6027ec4932864e48f1e2dfe9d53efe2065483c64

Link:

https://www.unpac.me/results/75660140-ddb9-44e9-b35a-85a9c68e0af8/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/ca0bcc92c980a4ab0f22de0d1e5827601afa63fd406dc5554461de9c85c6250a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

exe ca0bcc92c980a4ab0f22de0d1e5827601afa63fd406dc5554461de9c85c6250a

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2626383/

URLhaus

https://urlhaus.abuse.ch/url/2631354/

Cape

https://www.capesandbox.com/analysis/388933/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2023-05-13 20:36:03 UTC

url : hxxp://ji.ghwiwwgg.com/m/ppls25.exe