MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36e908be1d6e45fff56053efc1c75d48a94d1a292ceb6e2d6446f0a4b9a25165. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



404Keylogger


Vendor detections: 3



SHA256 hash: 36e908be1d6e45fff56053efc1c75d48a94d1a292ceb6e2d6446f0a4b9a25165
SHA3-384 hash: e0d21aa97225e3036e89ca29c9ff3add9b8224788620d8e21d929fd17d12bbb49d6b1002ab64be75ff42d7e752db793b
SHA1 hash: 197d100cbc69d924caa8cee0f30d8b0807f79fd2
MD5 hash: 245cbb0189ce9406645ca4a8e63b54a6
humanhash: nuts-edward-georgia-happy
File name: DPR165.zip
Signature: 404Keylogger
File size: 333'964 bytes
First seen: 2020-05-05 07:13:20 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:qcEBovARvcv0bTBBm+yWp19rFRrdUNEFcRi8kKqzTuDsRz/f7iLoD7iJ/4/Sw+tK:teooRvcv0bHmKp7fBoJIcAPiLofiJ/O1
TLSH: E064236ED7FAD50B48698ECF75A639999B97E13110BDBDC820309E87050F34F14A829F
Reporter: abuse_ch
Tags: 404Keylogger zip


abuse_ch
Malspam distributing 404Keylogger:

HELO: balticcontrol.us
Sending IP: 45.147.231.28
From: laboratorio@balticcontrol.us
Subject: SOLICITUD DE COTIZACIÓN DE SERVICIO DE PRUEBA RÁPIDA Y / O MOLECULAR Y LECTURA DE RESULTADOS COVID-19
Attachment: DPR165.zip (contains "dpr165.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 92
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Noon
Status: Malicious
First seen: 2020-05-05 07:35:48 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

404Keylogger

zip 36e908be1d6e45fff56053efc1c75d48a94d1a292ceb6e2d6446f0a4b9a25165 (this sample)

Dropping: 404Keylogger
Delivery method: Distributed via e-mail attachment
