MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f87d3d2de86061021fe30c5afe9d8e7154549036ba68200064658031c325eff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


PhoenixKeylogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5f87d3d2de86061021fe30c5afe9d8e7154549036ba68200064658031c325eff
SHA3-384 hash: 4721baa411886bf9425781bf6209909ee503ec64ef5cb4832b17bc5f2a99bd3faa216ec8d57bf247e609469d6466eab0
SHA1 hash: a525c95a7ea4fd28366c0685df2a18fc70705e74
MD5 hash: 171d213647672f7097e266f992e944fc
humanhash: nebraska-georgia-golf-mountain
File name:QUOTATION REQUEST.arj
Download: download sample
Signature PhoenixKeylogger
Create hunting rule
File size:300'723 bytes
First seen:2020-07-09 14:50:31 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 6144:RwnMMDYo5OkfXakJ0Smu74QZZ/G5sB4rgh/Rs9:RwMMS8XaU0s7vZtG58s9
TLSH C1542310D18875A58BF3F2B1634CFB8F29BB07405A41621BDBA0BCCD642F5D44F566AA
Reporter abuse_ch
Tags:arj PhoenixKeylogger


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: tabrospharma.com
Sending IP: 45.153.241.102
From: Head of Procurement <regulatory@tabrospharma.com>
Subject: QUOTATION REQUEST (RFQ)
Attachment: QUOTATION REQUEST.arj (contains "QUOTATION REQUEST.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5f87d3d2de86061021fe30c5afe9d8e7154549036ba68200064658031c325eff/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 14:52:05 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=l6d5huw6qydbaip6gdc272oy44kuksidnotieaagizmaghbsl37q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

PhoenixKeylogger

arj 5f87d3d2de86061021fe30c5afe9d8e7154549036ba68200064658031c325eff

(this sample)

PhoenixKeylogger

Executable exe 4d10520e2b80ca42e98590435c36c5409a458d9a5bd0ad35b0f444d2ceb2626d

  
Dropping
MD5 311102ca55b09ee930cfceca5e4c06da
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4d10520e2b80ca42e98590435c36c5409a458d9a5bd0ad35b0f444d2ceb2626d

Comments