MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0479eec2653c0fd5d0a4efc4eca77e5aec7751ee09b8812f673e961d887265dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


404Keylogger


Vendor detections: 4


Intelligence 4 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0479eec2653c0fd5d0a4efc4eca77e5aec7751ee09b8812f673e961d887265dd
SHA3-384 hash: 2058a305f39b55ab7c390256f0c0c4f45e8ca19b7435a89562c86ef98d9bad720fd363bb4eb51363122048641e5e6ec6
SHA1 hash: 0d5e4f64313e9d2ce2bd2a62c5c8cd1bce5f3d53
MD5 hash: 72391513a8ab5c390f3f979de3be52d8
humanhash: spring-december-eight-mockingbird
File name:d0c41d8a42a65acb7e7cc843289d6bb0.exe
Download: download sample
Signature 404Keylogger
Create hunting rule
File size:112'128 bytes
First seen:2020-04-01 10:35:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 1536:Fgj/2OQFTino1JhhS+4G7lHuTqPizlRvOXJtMqtpjpiOMhW:Fgj/KFTinw3Q+4G7FuT4ihefMqtLGhW
Threatray 99 similar samples on MalwareBazaar
TLSH 35B3A64C37949164E2EE47B088F243248279E497A96BCE0F09D614FB6B3F741894EED7
Reporter abuse_ch
Tags:404Keylogger exe GuLoader


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1dnn-IzKlVe4oqJHF8vCa1aBaViqX6oXo

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:MAL_Envrial_Jan18_1
Create hunting rule
Author:Florian Roth
Description:Detects Encrial credential stealer malware
Reference:https://twitter.com/malwrhunterteam/status/953313514629853184
Rule name:win_404keylogger_g0
Create hunting rule
Author:Slavo Greminger, SWITCH-CERT, Daniel Plohmann <daniel.plohmann<at>fkie.fraunhofer.de>

File information

The table below shows additional information about this malware sample such as delivery method and external references.

095275ee71ba99a40abf6363fd013767fad09edb590002ce25f0d775e9c2e48e

404Keylogger

Executable exe 0479eec2653c0fd5d0a4efc4eca77e5aec7751ee09b8812f673e961d887265dd

(this sample)

  
Dropped by
MD5 d0c41d8a42a65acb7e7cc843289d6bb0
  
Dropped by
MD5 9a42645d227cfa099adf347825c1d3ff
  
Dropped by
GuLoader
  
Dropped by
SHA256 095275ee71ba99a40abf6363fd013767fad09edb590002ce25f0d775e9c2e48e
  
Dropped by
SHA256 af6732f9646129eeee53a6064ac25c2c1612ca3daf35d0975b60cf0ab1d465cc
  
URLhaus
https://urlhaus.abuse.ch/url/333189/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments