MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf4c10732e1ed55669890820b459236dc32f8df82c3246be778a327c0192b349. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	cf4c10732e1ed55669890820b459236dc32f8df82c3246be778a327c0192b349
SHA3-384 hash:	2405191f6f93b4dcdf40cd7def9651e6f7c8cf8c72ba527f5d99c27247de8a6ad19ab95a4534aebd1eb004ab0d3f277f
SHA1 hash:	6ecc7bd6d957b70b9f6e37fcaea71df3e4fa76ed
MD5 hash:	89f04e97ebb271b88ef0231df7e51156
humanhash:	georgia-johnny-magazine-ten
File name:	89f04e97ebb271b88ef0231df7e51156.exe
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	343'552 bytes
First seen:	2023-06-22 10:39:31 UTC
Last seen:	2023-06-22 11:44:31 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	ce0c54abf9cb1706cf3f091f1f306b7f (11 x Fabookie)
ssdeep	6144:xFH8RIT6ALm4StJ3rXDx49wV7Sk1RPiaODgKYleQ4SGP:xWdBXDuCNAMeP
Threatray	241 similar samples on MalwareBazaar
TLSH	T12D741981B3DA4038E0B2C679CEB18363EA767C155B3056DF07609E6A6F73BE09531B25
TrID	44.4% (.EXE) Win64 Executable (generic) (10523/12/4) 21.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 8.7% (.ICL) Windows Icons Library (generic) (2059/9) 8.5% (.EXE) OS/2 Executable (generic) (2029/13) 8.4% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):
dhash icon	70ccc9b3a9cce070 (19 x Fabookie, 3 x XFilesStealer, 1 x Pony)
Reporter	abuse_ch
Tags:	exe Fabookie

Intelligence

File Origin

# of uploads :

# of downloads :

257

Origin country :

Vendor Threat Intelligence

Malware family:

redline

ID:

File name:

https://asi-rca.ro/download/File_pass1234.7z

Verdict:

Malicious activity

Analysis date:

2023-06-22 06:57:16 UTC

Tags:

privateloader opendir evasion loader rat redline stealer smoke trojan gcleaner ransomware stop amadey

Link:

https://app.any.run/tasks/e9fe9674-4fca-4ae9-80d8-ddbf89ecf25e

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/401667/

Detection(s):

SecuriteInfo.com.Win64.Malware-gen.32190.4209.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Creating a process with a hidden window

Using the Windows Management Instrumentation requests

Sending a custom TCP request

Query of malicious DNS domain

Launching a tool to kill processes

Sending an HTTP GET request to an infection source

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware keylogger lolbin shell32.dll

Link:

https://www.filescan.io/uploads/64942509764e34945215e8b3/reports/2b4bcf06-bc50-4c0f-b0aa-8dc359041cae/overview

Verdict:

Malicious

Labled as:

Trojan.Fabookie

Link:

https://www.hybrid-analysis.com/sample/cf4c10732e1ed55669890820b459236dc32f8df82c3246be778a327c0192b349

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/a86cde8d-58c6-4e09-b224-89b729fcdd1a

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

troj.spyw

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/1259658

Signature

Antivirus detection for URL or domain

Contains functionality to steal Chrome passwords or cookies

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/cf4c10732e1ed55669890820b459236dc32f8df82c3246be778a327c0192b349/

Threat name:

Win64.Trojan.Privateloader

Status:

Suspicious

First seen:

2023-06-22 04:21:44 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

14 of 36 (38.89%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=z5gba4zod3kvm2mjbaqliwjdnxbs7dpyfqzenptxrizhyamswneq._file

Verdict:

suspicious

Result

Malware family:

fabookie

Score:

10/10

Tags:

family:fabookie spyware stealer

Link:

https://tria.ge/reports/230622-mqkgeafc31/

Behaviour

Kills process with taskkill

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Reads user/profile data of web browsers

Detect Fabookie payload

Fabookie

Unpacked files

SH256 hash:

cf4c10732e1ed55669890820b459236dc32f8df82c3246be778a327c0192b349

MD5 hash:

89f04e97ebb271b88ef0231df7e51156

SHA1 hash:

6ecc7bd6d957b70b9f6e37fcaea71df3e4fa76ed

Link:

https://www.unpac.me/results/c1d17b5d-4e5f-453b-8a26-26f9ff207211/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/cf4c10732e1ed55669890820b459236dc32f8df82c3246be778a327c0192b349

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

exe cf4c10732e1ed55669890820b459236dc32f8df82c3246be778a327c0192b349

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2644855/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/401667/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample