MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da0c6336e8716fa723c97bf09aa86ec5e5407850c712633b21a6e9c59a94c241. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	da0c6336e8716fa723c97bf09aa86ec5e5407850c712633b21a6e9c59a94c241
SHA3-384 hash:	31712f508b96d1d2a3ae760a964dd113a5a68cdbfa6f87c69e67ac46fb44e1079d46425527b7d1dd54c4339f6cc773ce
SHA1 hash:	7c164585e50cb7b2e6cbe8508dbd078c8c4018cb
MD5 hash:	91670b685d544cc5ee1ca6263dc76a53
humanhash:	spring-wisconsin-ack-chicken
File name:	91670b685d544cc5ee1ca6263dc76a53.exe
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	431'104 bytes
First seen:	2023-06-21 06:25:22 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	d1884757532ce7b0014241f40262c929 (16 x Fabookie)
ssdeep	6144:ul073J3gQx1K46tV9rSDWso3T+cbJ5JIJAbW0we3:z3JwQHKjT25oCIJ5MZ0w
Threatray	232 similar samples on MalwareBazaar
TLSH	T13D949EE1E34040E5D477C2B982774B62E7F27C285B214ADF4659B7292F337D28936A0B
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10523/12/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):
dhash icon	70646666fab4b064 (18 x Fabookie, 5 x GuLoader)
Reporter	abuse_ch
Tags:	exe Fabookie

Intelligence

File Origin

# of uploads :

# of downloads :

267

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

91670b685d544cc5ee1ca6263dc76a53.exe

Verdict:

Malicious activity

Analysis date:

2023-06-21 06:26:54 UTC

Tags:

fabookie

Link:

https://app.any.run/tasks/295602f8-b746-4a46-bc0b-27fa51d533e0

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/401227/

Detection(s):

SecuriteInfo.com.Win64.Trojan-gen.17890.6940.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a process with a hidden window

Using the Windows Management Instrumentation requests

Searching for the window

Query of malicious DNS domain

Launching a tool to kill processes

Sending an HTTP GET request to an infection source

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

lolbin shell32.dll

Link:

https://www.filescan.io/uploads/649297fb73cb23e4dbf7fdc8/reports/e03855ee-3146-4f11-a30c-80a1ef381b74/overview

Verdict:

Malicious

Labled as:

Generik.IINMTRD trojan

Link:

https://www.hybrid-analysis.com/sample/da0c6336e8716fa723c97bf09aa86ec5e5407850c712633b21a6e9c59a94c241

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/d28f0a62-88ec-4319-ba50-0e11a4b5dfab

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

troj.spyw

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/1258800

Signature

Antivirus detection for URL or domain

Contains functionality to steal Chrome passwords or cookies

Multi AV Scanner detection for domain / URL

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/da0c6336e8716fa723c97bf09aa86ec5e5407850c712633b21a6e9c59a94c241/

Threat name:

Win64.Trojan.Amadey

Status:

Suspicious

First seen:

2023-06-20 21:53:30 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

12 of 24 (50.00%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=3igggnxiofx2oi6jppyjvkdoyxsua6cqy4jggozbu3u4lguuyjaq._file

Verdict:

suspicious

Result

Malware family:

fabookie

Score:

10/10

Tags:

family:fabookie spyware stealer

Link:

https://tria.ge/reports/230621-g663fshb4t/

Behaviour

Kills process with taskkill

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Reads user/profile data of web browsers

Detect Fabookie payload

Fabookie

Unpacked files

SH256 hash:

da0c6336e8716fa723c97bf09aa86ec5e5407850c712633b21a6e9c59a94c241

MD5 hash:

91670b685d544cc5ee1ca6263dc76a53

SHA1 hash:

7c164585e50cb7b2e6cbe8508dbd078c8c4018cb

Link:

https://www.unpac.me/results/3ccfc899-fec9-48a3-a59e-ce0703bd9b34/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/da0c6336e8716fa723c97bf09aa86ec5e5407850c712633b21a6e9c59a94c241

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

exe da0c6336e8716fa723c97bf09aa86ec5e5407850c712633b21a6e9c59a94c241

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2668222/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/401227/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample