MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb6047d30281603a27e2d1c099fb5d060d18edc8c8d5e6e15102fefd58ab8931. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cb6047d30281603a27e2d1c099fb5d060d18edc8c8d5e6e15102fefd58ab8931
SHA3-384 hash: 39217528764c2855c77e03e9ce74713112ec548afb398490635a9d9e8349892d9e87eca80d04acfd75b67a82b89e660f
SHA1 hash: 1ead7ff8183f1043962194f4ea7d998f5445cd04
MD5 hash: 0977b0bdfd4416231e766b765660ffd5
humanhash: undress-victor-colorado-bulldog
File name:file
Download: download sample
Signature Fabookie
Create hunting rule
File size:406'528 bytes
First seen:2023-09-12 20:32:37 UTC
Last seen:2023-09-12 21:38:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 96cc98468ed325b3857363887597bc67 (20 x Fabookie)
ssdeep 1536:qyK9MV0CXyPuOCWqeyGaOi2K+Sm6uCWqe+aOi2K+Sm6uuCuCWqeyGaOi2K+Sm6ux:qX9M1CPu2XnAYy4AZ6FvcgJFW
Threatray 521 similar samples on MalwareBazaar
TLSH T16484DD64F0B2ECB3DA126B7039FCF91C91AD71551386869E365AF0B692D330031DDBA9
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon e0c6dfa5aeebcbdc (20 x Fabookie, 2 x AsyncRAT)
Reporter jstrosch
Tags:exe Fabookie X64

Intelligence

File Origin
# of uploads :
2
# of downloads :
320
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2023-09-12 20:33:54 UTC
Tags:
fabookie stealer
Link:
https://app.any.run/tasks/a4f59a68-f60a-4c92-a913-a547ccb9c18d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/448268/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader45.60932.19027.4268.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending an HTTP GET request
DNS request
Sending a custom TCP request
Query of malicious DNS domain
Sending a TCP request to an infection source
Sending an HTTP GET request to an infection source
Gathering data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
lolbin shell32
Link:
https://www.filescan.io/uploads/6500cb049bae8a378554743f/reports/a27395e8-350d-47a2-96dc-a1be7656f778/overview
Verdict:
Malicious
Labled as:
Win64/GenKryptik.GLUK trojan
Link:
https://www.hybrid-analysis.com/sample/cb6047d30281603a27e2d1c099fb5d060d18edc8c8d5e6e15102fefd58ab8931
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/ba0840b6-824a-4565-a66a-1e97b4726b80
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/1308481
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Contains functionality to steal Chrome passwords or cookies
Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cb6047d30281603a27e2d1c099fb5d060d18edc8c8d5e6e15102fefd58ab8931/
Threat name:
Win64.Trojan.Swrort
Create hunting rule
Status:
Malicious
First seen:
2023-09-12 20:33:09 UTC
File Type:
PE+ (Exe)
Extracted files:
29
AV detection:
10 of 23 (43.48%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=znqepuycqfqduj7c2hajt625aygrr3oizdk6nykral7p2wflreyq._file
Verdict:
malicious
Similar samples:
2f1726836dc22c15a85826950324a24cd09fc9e5f14095d3ccd7303114650588
Fabookie
55b9813d1377b90813fee3e75da65c9e66666b48aa0b73676ff9af7b0b87474a
Fabookie
6b2a6d8de02eace85a4dd0cc4ad92afef9c963d317b3e6d744ef889fdc3f0176
Fabookie
7b0efba8c51a5f83078f28a6db7129d43db9d4ae71818e2f5fb755dc721880dc
Fabookie
ba6576e842991fd627ffb782ae60a4c694c77b963c5afc73bc358c2cb27c3b57
Fabookie
e10be62dd99f927dc48568c4ec02966c35577ae42a9184b44f5f72b502b7c07b
Fabookie
fbd0a287a85f2099df62a8d02e4a0e46e0ded0fa250fb851c378471dc90c4921
Fabookie
+ 511 additional samples on MalwareBazaar
Result
Malware family:
fabookie
Create hunting rule
Score:
  10/10
Tags:
family:fabookie spyware stealer
Link:
https://tria.ge/reports/230912-zbvp2sfd7y/
Behaviour
Modifies system certificate store
Reads user/profile data of web browsers
Detect Fabookie payload
Fabookie
Unpacked files
SH256 hash:
cb6047d30281603a27e2d1c099fb5d060d18edc8c8d5e6e15102fefd58ab8931
MD5 hash:
0977b0bdfd4416231e766b765660ffd5
SHA1 hash:
1ead7ff8183f1043962194f4ea7d998f5445cd04
Link:
https://www.unpac.me/results/ee555b54-4e3b-401a-aade-10566b71fdc3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cb6047d30281603a27e2d1c099fb5d060d18edc8c8d5e6e15102fefd58ab8931

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

Executable exe cb6047d30281603a27e2d1c099fb5d060d18edc8c8d5e6e15102fefd58ab8931

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/448268/

Comments