MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d2ec15d62435664f0d1d27b02b20f1c35ca12d054ae59db961ad223e6f27039. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


404Keylogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1d2ec15d62435664f0d1d27b02b20f1c35ca12d054ae59db961ad223e6f27039
SHA3-384 hash: 76f93caa6be2979541e0db8605ca7fdca46c28922276d284914314095cdb76c191a525d87a510c16596ec8a98af99e92
SHA1 hash: 69a3d39c1c1849ddc2d32ec352a4b63d44445046
MD5 hash: 15422734b3f2748702c034efc3d3aa2e
humanhash: romeo-comet-finch-cardinal
File name:1371228,1372216.xz
Download: download sample
Signature 404Keylogger
Create hunting rule
File size:338'473 bytes
First seen:2020-08-30 09:03:39 UTC
Last seen:Never
File type: xz
MIME type:application/x-rar
ssdeep 6144:k4lnqGmPOYFR3fyXF11FkePFw6LJ6c7di+YEwBjEPA0h1:k4lnqGmWYFRqXlFke19dirRliAU
TLSH 6D74233786D4B6DCD5C20971FF7D14F632ACB64AE85B8F482C6680010A5274AEDB43BE
Reporter abuse_ch
Tags:404Keylogger xz


Avatar
abuse_ch
Malspam distributing 404Keylogger:

HELO: gmail.com
Sending IP: 185.222.57.207
From: Michael Mitri <michealmitri@gmail.com>
Subject: INVOICES#1372219,1372217,1371228,1372216
Attachment: 1371228,1372216.xz (contains "1371228,1372216.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1d2ec15d62435664f0d1d27b02b20f1c35ca12d054ae59db961ad223e6f27039/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-29 02:54:23 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=duxmcxlcinlgj4gr2j5qfmqpdq24uewqksxftw4wdljchzxsoa4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/1d2ec15d62435664f0d1d27b02b20f1c35ca12d054ae59db961ad223e6f27039

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

404Keylogger

xz 1d2ec15d62435664f0d1d27b02b20f1c35ca12d054ae59db961ad223e6f27039

(this sample)

404Keylogger

Executable exe f94835d0cfac325ba2187c8bec1f9e9cff185a087be4de42832731c3c7a51adc

  
Dropping
MD5 1e562a3821639b53d1303a70c61bc057
  
Dropping
404Keylogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f94835d0cfac325ba2187c8bec1f9e9cff185a087be4de42832731c3c7a51adc

Comments