MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb95646c521b3440e1a9d1522bd752dc33ff16bcc2afb5a1e1633851dd55d592. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fabookie

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	fb95646c521b3440e1a9d1522bd752dc33ff16bcc2afb5a1e1633851dd55d592
SHA3-384 hash:	2ac9ebfff1b2beda09e1583cc86655442924d5c16ff43728179aa94da7af1ea69a8176654c39d7fb0c03102f9038e3aa
SHA1 hash:	0bbab91639ec010da7a2758651a2bd8cb116fb11
MD5 hash:	e8b44b27acb905171779da1a4f93ccd9
humanhash:	hawaii-river-carbon-ceiling
File name:	e8b44b27acb905171779da1a4f93ccd9.exe
Download:	download sample
Signature	Fabookie Create hunting rule
File size:	342'016 bytes
First seen:	2023-06-01 05:46:28 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	96dc087b97a7c4da2594e3d13a391dac (2 x Fabookie)
ssdeep	6144:2FH8RIT6Fam4StJ3CXDW49wX7SkD4PiaODgKYleQ4veP:2WdIXDzCd7MhP
Threatray	169 similar samples on MalwareBazaar
TLSH	T168742981B3DA4038E072C679CEB18363EA767C155B3096DF07609E6A6E73BE0D531B25
TrID	44.4% (.EXE) Win64 Executable (generic) (10523/12/4) 21.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 8.7% (.ICL) Windows Icons Library (generic) (2059/9) 8.5% (.EXE) OS/2 Executable (generic) (2029/13) 8.4% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):
dhash icon	70ccc9b3a9cce070 (19 x Fabookie, 3 x XFilesStealer, 1 x Pony)
Reporter	abuse_ch
Tags:	exe Fabookie

Intelligence

File Origin

# of uploads :

# of downloads :

241

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

e8b44b27acb905171779da1a4f93ccd9.exe

Verdict:

No threats detected

Analysis date:

2023-06-01 05:49:59 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/09bd31d8-3fe8-4cd0-8ba7-4aa255dd5de0

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/394292/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.67331799.31918.7645.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

DNS request

Sending a custom TCP request

Query of malicious DNS domain

Sending an HTTP GET request to an infection source

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/88891/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

EvasionQueryPerformanceCounter

EvasionGetTickCount

CheckCmdLine

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware keylogger lolbin shell32.dll

Link:

https://www.filescan.io/uploads/647830dd68c22596fbd7e63a/reports/9dc9c78e-b6f0-43e0-83a0-c3e16809b254/overview

Verdict:

Malicious

Labled as:

Win64/TrojanDownloader.Agent

Link:

https://www.hybrid-analysis.com/sample/fb95646c521b3440e1a9d1522bd752dc33ff16bcc2afb5a1e1633851dd55d592

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/7ccabb92-591e-4125-aa8e-a192cdc3b0fd

Result

Threat name:

Fabookie

Detection:

malicious

Classification:

troj.spyw.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/1246576

Signature

Found stalling execution ending in API Sleep call

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Fabookie

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fb95646c521b3440e1a9d1522bd752dc33ff16bcc2afb5a1e1633851dd55d592/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2023-05-31 15:52:06 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

14 of 24 (58.33%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=7okwi3csdm2ebynj2fjcxv2s3qz76fv4ykx3lipbmm4fdxkv2wja._file

Verdict:

malicious

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer

Link:

https://tria.ge/reports/230601-ggwv7acg86/

Behaviour

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

fb95646c521b3440e1a9d1522bd752dc33ff16bcc2afb5a1e1633851dd55d592

MD5 hash:

e8b44b27acb905171779da1a4f93ccd9

SHA1 hash:

0bbab91639ec010da7a2758651a2bd8cb116fb11

Link:

https://www.unpac.me/results/3849adbb-fbf6-4fa1-852e-b86c900bc226/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/fb95646c521b3440e1a9d1522bd752dc33ff16bcc2afb5a1e1633851dd55d592

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fabookie

exe fb95646c521b3440e1a9d1522bd752dc33ff16bcc2afb5a1e1633851dd55d592

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2642466/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/394292/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample