MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dcd703912d6ff2ccc9739b82f12fb2c861812f53bb2ca9432a99850dd172fa94. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dcd703912d6ff2ccc9739b82f12fb2c861812f53bb2ca9432a99850dd172fa94
SHA3-384 hash: 61cb2ff2140f06d1132a04bf67f95df7a44eb75c76a4afcac259b9ac55434aa93070a495a6962479c0e7caa03aeb2bb6
SHA1 hash: 9dcf0e8327f61df9641050fa30fa8a75642a2161
MD5 hash: c5431ed88227d6f2e201da982db63f38
humanhash: uncle-april-triple-winner
File name:SecuriteInfo.com.Trojan.DownLoader45.59549.20406.18699
Download: download sample
Signature Fabookie
Create hunting rule
File size:321'024 bytes
First seen:2024-01-19 11:21:35 UTC
Last seen:2024-01-22 09:54:28 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a7a19cad0c2c193feb43fc00c1b6b502 (17 x Fabookie)
ssdeep 3072:oVZTMYQ0qIN6NtVcOXHK5ULK2NUPj0reyRS6CSfKVu1xgCAWU8fvJqxEm4x1ESuS:YMnt3HP2PPjop/1fvoxEvTE
Threatray 631 similar samples on MalwareBazaar
TLSH T132644C156FB91CB6C017B43F0C6E84524B337827166783F7A496DEAC0EF76E8D466822
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon e3b1adeddd75ad92 (15 x Fabookie)
Reporter SecuriteInfoCom
Tags:exe Fabookie

Intelligence

File Origin
# of uploads :
3
# of downloads :
397
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/471656/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader45.59549.20406.18699.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending an HTTP GET request
DNS request
Query of malicious DNS domain
Sending a TCP request to an infection source
Sending an HTTP GET request to an infection source
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
fabookie lolbin setupapi swrort
Link:
https://www.filescan.io/uploads/65aa5b63fd5068bbc3da1d8e/reports/e7efd0d1-a662-4800-8edb-aa5354d5c5bc/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/dcd703912d6ff2ccc9739b82f12fb2c861812f53bb2ca9432a99850dd172fa94
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/9fee2041-952f-4ceb-9877-657023978e1c
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1377357
Signature
Antivirus detection for URL or domain
Contains functionality to steal Chrome passwords or cookies
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Score:
97%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/dcd703912d6ff2ccc9739b82f12fb2c861812f53bb2ca9432a99850dd172fa94
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dcd703912d6ff2ccc9739b82f12fb2c861812f53bb2ca9432a99850dd172fa94/
Threat name:
Win64.Trojan.Swrort
Create hunting rule
Status:
Malicious
First seen:
2024-01-19 09:30:18 UTC
File Type:
PE+ (Exe)
Extracted files:
26
AV detection:
15 of 24 (62.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3tlqhejnn7zmzslttobpcl5szbqycl2txmwksqzktgcq3uls7kka._file
Verdict:
malicious
Similar samples:
0c9093975346591d7fe991ed8bd448d21aaeb1d65b7c48122a19624e0775d583
Fabookie
65ddb11683d2b3fd50168165aa0b50cd2cc7b7a3a64f8feb06ed50788bde5421
Fabookie
86fa75701ac3d3e5d92623dcad4f2a190105e0613bcfef6b7df6b51db84a51a4
Fabookie
c313743bbe473242a6f3ffd64c64b00adf0137bd797869956c31e707c1b23a73
Fabookie
dcd703912d6ff2ccc9739b82f12fb2c861812f53bb2ca9432a99850dd172fa94
Fabookie
fb3826c5caf9c4ae35f4819410905fa6a19617272edee37d9341a69e64b8a73c
Fabookie
+ 621 additional samples on MalwareBazaar
Result
Malware family:
fabookie
Create hunting rule
Score:
  10/10
Tags:
family:fabookie spyware stealer
Link:
https://tria.ge/reports/240119-ngltjschcp/
Behaviour
Modifies system certificate store
Reads user/profile data of web browsers
Detect Fabookie payload
Fabookie
Malware Config
C2 Extraction:
http://app.alie3ksgaa.com/check/safe
Unpacked files
SH256 hash:
dcd703912d6ff2ccc9739b82f12fb2c861812f53bb2ca9432a99850dd172fa94
MD5 hash:
c5431ed88227d6f2e201da982db63f38
SHA1 hash:
9dcf0e8327f61df9641050fa30fa8a75642a2161
Link:
https://www.unpac.me/results/f4b16492-174f-48d6-a85d-a47eb599d0f1/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

Executable exe dcd703912d6ff2ccc9739b82f12fb2c861812f53bb2ca9432a99850dd172fa94

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2748957/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2748594/
  
URLhaus
https://urlhaus.abuse.ch/url/2749369/
Cape
Cape
https://www.capesandbox.com/analysis/471656/

Comments