MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd678a09f62b6a3de9a75891fa9737a7e8d37c76cbfcc7139dabb7d0eb2587fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fabookie


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd678a09f62b6a3de9a75891fa9737a7e8d37c76cbfcc7139dabb7d0eb2587fb
SHA3-384 hash: 9135cfb3444c64869373f5fa4cd283485b005f4f18b2638967abfe88b7b57718f98a25ac7cd33b170eb5fa3f2b2f2482
SHA1 hash: d7fd188814a050027e743d1e0a7b84c616f8d3bf
MD5 hash: 8f1fc12361f85fa9786463972d46ab85
humanhash: moon-lion-spring-twenty
File name:file
Download: download sample
Signature Fabookie
Create hunting rule
File size:807'936 bytes
First seen:2023-03-11 15:09:40 UTC
Last seen:2023-03-12 07:30:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a0ad82b564665412272991ba09f43857 (3 x Fabookie)
ssdeep 12288:qrtKU5Nk7yK6+X/P6+X/6YCoPsk7vFIlv:SpEyFg/yg/6YCUsk7vFG
Threatray 30 similar samples on MalwareBazaar
TLSH T17005AE219122C95BC310343CD885A5F5EA9CBC60C759CBE3BA55BC1E7E36AA94D3C0F9
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 4c2c600236767221 (6 x Fabookie, 2 x Cosmu)
Reporter andretavare5
Tags:exe Fabookie


Avatar
andretavare5
Sample downloaded from http://ji.jhia6gyygcc.com/m/ss25.exe

Intelligence

File Origin
# of uploads :
5
# of downloads :
218
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/373550/
Detection(s):
SecuriteInfo.com.FileRepMalware.9270.11329.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/72667/overview
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
EvasionQueryPerformanceCounter
EvasionGetTickCount
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
obfuscated shell32.dll
Link:
https://www.filescan.io/uploads/640c99cccb9bbbbcdcc6d9b4/reports/d0fc604a-8258-4188-b296-d3f520b8c411/overview
Verdict:
Malicious
Labled as:
Win64/TrojanDownloader.Agent
Link:
https://www.hybrid-analysis.com/sample/fd678a09f62b6a3de9a75891fa9737a7e8d37c76cbfcc7139dabb7d0eb2587fb
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/60b8664e-99cc-4e31-8428-a6ac7e0952f1
Result
Threat name:
Fabookie
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1191716
Signature
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Fabookie
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fd678a09f62b6a3de9a75891fa9737a7e8d37c76cbfcc7139dabb7d0eb2587fb/
Threat name:
Win64.Trojan.Privateloader
Create hunting rule
Status:
Malicious
First seen:
2023-03-11 12:06:06 UTC
File Type:
PE+ (Exe)
Extracted files:
49
AV detection:
10 of 24 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7vtyucpwfnvd32nhlci7vfzxu7ung7dwzp6moe45vo35b2zfq75q._file
Verdict:
suspicious
Similar samples:
10d30f99a7ff28b979466911f5ee0e451156e627682a1d639661dbb7c42c1b3f
Fabookie
3d4182d4be7f38a25e526943f33c8a2cb6c88c23bd7d08e8ee5e6c907a72945d
Fabookie
4e28350d943c406c17056b494e80769525758a574a6507c7ff614491284db875
Fabookie
5c9d09da8708c750ee0fb55e44890462fea8a471e5f57f0b5b592523a2fa8a6f
Fabookie
813c874aa6d1c15b3549a5b5453123a9db6942247971264d6ed160d8768f31dc
Fabookie
844b92d102379990f96dd712b1eb2ade90bee0412333a11a74f77723ff4f91f9
Fabookie
b840bd433a47d42c5ff7e6ef94c39b1309849398e7d4a51938fdcfacfa26b793
Fabookie
c0e65f9b50c5bcd97ced63cab1f3d3194473a6e81f26436c88af9d7c2622809f
Fabookie
d718bdc4280abb1c56e58fd9dbae55cfe498fb83de4d350b80d926b952f4c69e
Fabookie
ef75e4193acf86589cfcf6b49d61e88073fd65ca866ed4197da7c5e4b22bac6e
Fabookie
+ 20 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/230311-sj2d8sbh5x/
Behaviour
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
fd678a09f62b6a3de9a75891fa9737a7e8d37c76cbfcc7139dabb7d0eb2587fb
MD5 hash:
8f1fc12361f85fa9786463972d46ab85
SHA1 hash:
d7fd188814a050027e743d1e0a7b84c616f8d3bf
Link:
https://www.unpac.me/results/3c2f07f6-b115-4795-ade8-1bec671ecd80/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fd678a09f62b6a3de9a75891fa9737a7e8d37c76cbfcc7139dabb7d0eb2587fb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/373550/
  
URLhaus
https://urlhaus.abuse.ch/url/2561770/

Comments