MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 57c9003b622f96ce917533250724ab258909f4f29368a9b896339bdc166954d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


404Keylogger


Vendor detections: 4


Intelligence 4 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 57c9003b622f96ce917533250724ab258909f4f29368a9b896339bdc166954d8
SHA3-384 hash: d643cb30aee899be5d38b14ef8281331a33bfc804520b232810fb354c2b0054df7df594f4584a331569d37e1bf5f596a
SHA1 hash: c10b00257fc5a2cefbbbb745d0f4e84d0c4ea55b
MD5 hash: 6ce6389c9e715973f6897cdfc08402e9
humanhash: pizza-hotel-juliet-bakerloo
File name:068c47c4aaf606a90ceb4e185f1520bf.exe
Download: download sample
Signature 404Keylogger
Create hunting rule
File size:112'128 bytes
First seen:2020-03-30 22:00:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 3072:XgjqkFZHBbZko6seXstwB9XJ5c+jKMT/1vQ+4GG/3Xr8MqtLGYY:XGZHBbZCQ3X
Threatray 97 similar samples on MalwareBazaar
TLSH 71B3A54C77989160E1EE87B089F3432482B9E4979927CF0F09C615FB5B2F352894EAD7
Reporter abuse_ch
Tags:404Keylogger exe GuLoader


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1UIQFiAaur7Lq7kgHcs3ek0RmgAqcQIpi

Intelligence

File Origin
# of uploads :
1
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:MAL_Envrial_Jan18_1
Create hunting rule
Author:Florian Roth
Description:Detects Encrial credential stealer malware
Reference:https://twitter.com/malwrhunterteam/status/953313514629853184
Rule name:win_404keylogger_g0
Create hunting rule
Author:Slavo Greminger, SWITCH-CERT, Daniel Plohmann <daniel.plohmann<at>fkie.fraunhofer.de>

File information

The table below shows additional information about this malware sample such as delivery method and external references.

e0852494a957428206053d53b2427fac45897a4ab7f97f7a57d69a00a0dd7ac0

404Keylogger

Executable exe 57c9003b622f96ce917533250724ab258909f4f29368a9b896339bdc166954d8

(this sample)

  
Dropped by
MD5 068c47c4aaf606a90ceb4e185f1520bf
  
Dropped by
MD5 f1719b0e0bc3a647aca9228f5dc33553
  
Dropped by
GuLoader
  
Dropped by
SHA256 e0852494a957428206053d53b2427fac45897a4ab7f97f7a57d69a00a0dd7ac0
  
Dropped by
SHA256 6be50fb31371eee97afcb6521cd84a343fb3c6d0f62643f7187268a3ca73a173
  
URLhaus
https://urlhaus.abuse.ch/url/332516/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments