MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e760a431ae112201eafbbf9bda09a4edc3da36ec92ceef57eb76d587e6693eb7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 9


Intelligence 9 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e760a431ae112201eafbbf9bda09a4edc3da36ec92ceef57eb76d587e6693eb7
SHA3-384 hash: 24b472ea86b324bd0260ccbf1fd6fdd044e70994ebcb61b45c5a705094e01f4e7c6bf20ccc9cd78b0386a69367b9aa0a
SHA1 hash: 32cbf270b44eefdd76ce40b9a07e8fca69e284f7
MD5 hash: e0493eb151609418846b7b9f85b0e828
humanhash: missouri-pip-coffee-sixteen
File name:e0493eb151609418846b7b9f85b0e828.exe
Download: download sample
Signature Fabookie
Create hunting rule
File size:248'832 bytes
First seen:2023-06-27 07:13:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0b788e8ff3124c2dd648ac7a27e0b5d8 (6 x Fabookie)
ssdeep 6144:aqkvUK8JRGHAoBWxiEEiEEsfByAwZZS4onQFiy:atB8JRwAogXIB7GjFiy
Threatray 260 similar samples on MalwareBazaar
TLSH T1A2346CA2F3E80069E0B7C23A8AB15375EB7278591F2187CF1164566D2F337E18E3571A
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon f4c6c6c7ce3280c0 (6 x Fabookie)
Reporter abuse_ch
Tags:exe Fabookie

Intelligence

File Origin
# of uploads :
1
# of downloads :
275
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
e0493eb151609418846b7b9f85b0e828.exe
Verdict:
Malicious activity
Analysis date:
2023-06-27 07:14:30 UTC
Tags:
fabookie
Link:
https://app.any.run/tasks/783bfc31-4952-49aa-98c6-0130ad02cdc9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/403151/
Detection(s):
SecuriteInfo.com.Trojan.Win64.Fabookie.GKH.MTB.27564.17848.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe crypto greyware lolbin packed shell32.dll
Link:
https://www.filescan.io/uploads/649a8c3b4f1a66d0e6d87082/reports/334a3ddd-399b-409c-9a07-bad8f3908910/overview
Verdict:
Malicious
Labled as:
Trojan.Fabookie
Link:
https://www.hybrid-analysis.com/sample/e760a431ae112201eafbbf9bda09a4edc3da36ec92ceef57eb76d587e6693eb7
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/ce6ac001-31a6-43b4-b537-8bbf3a9397b3
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1261925
Signature
Contains functionality to steal Chrome passwords or cookies
Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e760a431ae112201eafbbf9bda09a4edc3da36ec92ceef57eb76d587e6693eb7/
Threat name:
Win64.Trojan.Fabookie
Create hunting rule
Status:
Malicious
First seen:
2023-06-26 19:48:16 UTC
AV detection:
15 of 36 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=45qkimnocerad2x3x6n5ucne5xb5unxmslho6v7lo3kypztjh23q._file
Verdict:
suspicious
Similar samples:
32baad0c616cbbb5bc145a6d746bed7f77c5131b0cc29b780cd8384816b78d23
Fabookie
4f2f8e8f530beb89c23e7a43a6a82498bd44739688e273f3ea4e4dde4aea38ed
Fabookie
55fae777d74a76aa182ace8254102c0c5a312e22d28628ac56561d79d19fc95d
Fabookie
62df74714cd81842088313cb600f935d37a851b7faffba085303346877ff2a9f
Fabookie
ae2ad7775613965fcbfafe90396130afb9754433bc7f9bd24f5e1b63c4d51167
Fabookie
ba85ef6668b8a930e39c0f5988187d1931209706999c70aba86a635ac8c5086f
Fabookie
bb1aa29dca7c55add0bd5e53c735645b5cd0d5ab5105fd412026fa2c69e06191
Fabookie
c9dbc567a9764bc8e3daef054db96a7b8074b1855370f558d2ee5d859e705485
Fabookie
cf76ac64d1038d54fa178a67712a4916e021b6b381241b44c2ceed7428ba4692
Fabookie
fe51caf5491e7f38b524ed374c6c9701700a9fa9c8f950379424fae99de0ced2
Fabookie
+ 250 additional samples on MalwareBazaar
Result
Malware family:
fabookie
Create hunting rule
Score:
  10/10
Tags:
family:fabookie spyware stealer
Link:
https://tria.ge/reports/230627-h2mzfsdd45/
Behaviour
Suspicious behavior: EnumeratesProcesses
Reads user/profile data of web browsers
Detect Fabookie payload
Fabookie
Unpacked files
SH256 hash:
e760a431ae112201eafbbf9bda09a4edc3da36ec92ceef57eb76d587e6693eb7
MD5 hash:
e0493eb151609418846b7b9f85b0e828
SHA1 hash:
32cbf270b44eefdd76ce40b9a07e8fca69e284f7
Link:
https://www.unpac.me/results/5a9d060d-04a3-47f0-99e8-edaf6cc17bc6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e760a431ae112201eafbbf9bda09a4edc3da36ec92ceef57eb76d587e6693eb7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
Create hunting rule
Author:ditekSHen
Description:Detects executables containing SQL queries to confidential data stores. Observed in infostealers
Rule name:malware_shellcode_hash
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect shellcode api hash value

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

Executable exe e760a431ae112201eafbbf9bda09a4edc3da36ec92ceef57eb76d587e6693eb7

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2642466/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/403151/

Comments