MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6645ca72c1da8e6325dc17645413624742d223df8ca65c6a178ff600bc00cb52. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 6645ca72c1da8e6325dc17645413624742d223df8ca65c6a178ff600bc00cb52
SHA3-384 hash: 9b056ceb1ecd7397d26c84d21ad6ff8775772e9b33a9bd11e42dde0d08450f64f58a850a981a1c516c3e0c5b81fb4ad9
SHA1 hash: 172ad64a0574bf483b2154d76618499411b84059
MD5 hash: e03b9b92da8fbc6addeec4d471497c10
humanhash: july-uranus-kentucky-football
File name: BCM1940224 pdf.exe
Signature: 404Keylogger
File size: 892'928 bytes
First seen: 2020-06-29 18:07:32 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9a5cc778d0f4132de3891c04833334e8
ssdeep: 12288:ijnGLjIup+Q67pPhPc3IAMXOvIHoFdDRVmqOJ1UVSJO8k9cO48fn7:ijoUuGNhPc3uOIoScVS48k9i8fn7
TLSH: 21156D12F2924433E1B276789C1B52BD983ABE10FD3858466BE5CD6C5F396C338352A7
Reporter: @abuse_ch
Tags: 404Keylogger exe
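
Before relying on anything else on this page, confirm that the file in your sandbox is actually the object the entry describes. The script below is an added example (not MalwareBazaar's own code): it recomputes the four cryptographic digests and the size listed above and compares them to the entry. The file path on the command line is an assumption; the expected values are copied from the entry. Any single mismatch means a different or corrupted file, not a partial match.

```python
"""Verify a downloaded file against the hashes in this MalwareBazaar entry.

Added example, not MalwareBazaar code. Handle the sample only inside an
isolated analysis environment.
"""
import hashlib
import sys

# Digests copied from the database entry above (lower-case hex).
ENTRY_HASHES = {
    "md5": "e03b9b92da8fbc6addeec4d471497c10",
    "sha1": "172ad64a0574bf483b2154d76618499411b84059",
    "sha256": "6645ca72c1da8e6325dc17645413624742d223df8ca65c6a178ff600bc00cb52",
    "sha3_384": "9b056ceb1ecd7397d26c84d21ad6ff8775772e9b33a9bd11e42dde0d08450f64f58a850a981a1c516c3e0c5b81fb4ad9",
}
ENTRY_SIZE = 892928  # "File size: 892'928 bytes" above


def compute_hashes(data: bytes) -> dict:
    """Hex digests of the algorithms the entry lists; hashlib.new accepts all four names."""
    return {name: hashlib.new(name, data).hexdigest() for name in ENTRY_HASHES}


def verify_sample(data: bytes, expected: dict = ENTRY_HASHES, size: int = ENTRY_SIZE) -> dict:
    """Per-check result: {"size": bool, "md5": bool, "sha1": bool, ...}.

    Every value must be True for the bytes to be the sample on this page.
    """
    actual = compute_hashes(data)
    result = {"size": len(data) == size}
    for name, digest in expected.items():
        result[name] = actual[name] == digest.lower()
    return result


def all_match(result: dict) -> bool:
    """True only when size and every digest agree with the entry."""
    return all(result.values())


if __name__ == "__main__":
    # Assumed path: the file name recorded in the entry, in the current directory.
    path = sys.argv[1] if len(sys.argv) > 1 else "BCM1940224 pdf.exe"
    with open(path, "rb") as fh:
        checks = verify_sample(fh.read())
    for key, ok in checks.items():
        print(f"{key:9s} {'OK' if ok else 'MISMATCH'}")
    sys.exit(0 if all_match(checks) else 1)
```

Exit status 1 on any mismatch makes the check usable as a gate in a triage script, so that later steps (detonation, YARA scans) never run against the wrong file.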


Twitter
@abuse_ch
Malspam distributing 404Keylogger:

HELO: rich-tek.co.th
Sending IP: 45.153.241.222
From: Directora de Compras <info@rich-tek.co.th>
Subject: Número de orden de compra BCM1940224.
Attachment: BCM1940224 pdf.arj (contains "BCM1940224 pdf.exe")
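
The lure in the report above is the attachment name itself: a document-looking token ("pdf") placed in front of the real extension, shipped inside an .arj archive that ordinary business mail almost never uses. The script below is an added example (not from the @abuse_ch post or from MalwareBazaar) of a mail-gateway heuristic that catches this pattern. The extension lists and lure words are my own assumptions; the sample attachment names are constructed from the report.

```python
"""Flag mail attachments that match the lure pattern in the malspam report above.

Added example, not abuse.ch or MalwareBazaar code. The extension sets and
lure-word list are assumptions chosen for illustration.
"""
import re

# Extensions Windows executes directly when the user double-clicks.
EXECUTABLE_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".jse", ".wsf", ".hta"}
# Archive formats legitimate business correspondence almost never carries; .arj is the one used here.
UNUSUAL_ARCHIVE_EXT = {".arj", ".ace", ".lzh", ".lha", ".cab", ".iso", ".img", ".z"}
# Tokens attackers place before the real extension to make a file look like a document.
LURE_WORDS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "invoice", "scan", "order"}


def file_extension(name: str) -> str:
    """Lower-case final extension including the dot, or '' when there is none."""
    match = re.search(r"\.[^.\s]+$", name.lower())
    return match.group(0) if match else ""


def lure_word(name: str):
    """The document-like token immediately before the extension, or None."""
    ext = file_extension(name)
    lowered = name.lower()
    stem = lowered[: -len(ext)] if ext else lowered
    tokens = [t for t in re.split(r"[\s._-]+", stem) if t]
    if tokens and tokens[-1] in LURE_WORDS:
        return tokens[-1]
    return None


def classify_attachment(name: str, inner_names=()) -> list:
    """Return the reasons to hold an attachment; an empty list means nothing fired.

    inner_names is the archive listing when the outer file is an archive.
    """
    reasons = []
    ext = file_extension(name)
    if ext in EXECUTABLE_EXT:
        reasons.append(f"executable attachment ({ext})")
    if ext in UNUSUAL_ARCHIVE_EXT:
        reasons.append(f"unusual archive format ({ext})")
    word = lure_word(name)
    if word and (ext in EXECUTABLE_EXT or ext in UNUSUAL_ARCHIVE_EXT):
        reasons.append(f"document lure word '{word}' before {ext}")
    for inner in inner_names:
        if file_extension(inner) in EXECUTABLE_EXT:
            reasons.append(f"archive contains executable {inner!r}")
    return reasons


if __name__ == "__main__":
    # Constructed attachment set: the one from the report plus two benign controls.
    attachments = {
        "BCM1940224 pdf.arj": ["BCM1940224 pdf.exe"],
        "BCM1940224.pdf": [],
        "photos.zip": ["IMG_0001.jpg"],
    }
    for outer, inner in attachments.items():
        hits = classify_attachment(outer, inner)
        print(f"{outer}: {'HOLD' if hits else 'pass'}")
        for hit in hits:
            print("  -", hit)
```

The archive listing is checked separately from the outer name so that a renamed or password-protected container still trips the format rule, while a plain .pdf with the same order number passes; the lure-word rule fires only when the real extension is executable or an unusual archive, which keeps "invoice.pdf" out of the hold queue.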

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 33
Origin country: US

CAPE Sandbox Detection: Phoenix
Link: https://www.capesandbox.com/analysis/16556/

ClamAV:
  PUA.Win.Adware.Slugin-6803969-0
  PUA.Win.Adware.Slugin-6840354-0
  PUA.Win.Adware.Webalta-6854075-0
  PUA.Win.Adware.Webalta-6862190-0
  SecuriteInfo.com.Variant.Zusy.307899.10298.11102.UNOFFICIAL

CERT.PL MWDB Detection: n/a
Link: https://mwdb.cert.pl/sample/6645ca72c1da8e6325dc17645413624742d223df8ca65c6a178ff600bc00cb52/

ReversingLabs Status: Malicious
Threat name: Win32.Trojan.Injector
First seen: 2020-06-29 18:09:05 UTC
AV detection: 28 of 31 (90.32%)
Threat level: 5/5

Spamhaus Hash Blocklist: Malicious file

Hatching Triage Score: 8/10
Malware Family: n/a
Link: https://tria.ge/reports/200629-b38syklt9x/
Tags: spyware

VirusTotal: 38.89% detection

Yara Signatures


Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: MAL_Envrial_Jan18_1
Author: Florian Roth
Description: Detects Encrial credential stealer malware
Reference: https://twitter.com/malwrhunterteam/status/953313514629853184

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

404Keylogger

Executable exe 6645ca72c1da8e6325dc17645413624742d223df8ca65c6a178ff600bc00cb52 (this sample)
Delivery method
Distributed via e-mail attachment

Comments