MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79fdfc36a197ce5957dfaab75de5d962e02a31e086a49506c14479e8cc79c647. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



404Keylogger


Vendor detections: 3



SHA256 hash: 79fdfc36a197ce5957dfaab75de5d962e02a31e086a49506c14479e8cc79c647
SHA3-384 hash: 325a6c6585f0dfde84161e5b9d1d0eb237220a694fb5a3af8382facc91b8bf013c2520be66e64f079c358285de62bc9d
SHA1 hash: 25df15a47672d2fd73a594b1dceacccfbe78bc67
MD5 hash: d3028056d7ffaa521a0d18c1592d70a0
humanhash: violet-music-oxygen-cardinal
File name: New order.zip
Signature: 404Keylogger
File size: 377'314 bytes
First seen: 2020-05-04 21:29:03 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:VngfoSo+iM6Jt3SQ5ZBTKFs6Vu0eMixgZcydI+oxuHdpHEM4o1iOk5jrgePT+:Vgfu+iM6J9H5ZpKFHuVqcydIRxuH14ol
TLSH: 498423D3317A46D727E7FD97825F8E1BAE2901D9CB928FA4332F0900076B98D8C5592C
Reporter: abuse_ch
Tags: 404Keylogger, zip


abuse_ch
Malspam distributing 404Keylogger:

HELO: s20.servidorlatinoamerica.com
Sending IP: 72.9.148.195
From: Sherry Scott (Export) <macuna@dhpmetals.pe>
Subject: Re New Quotation 5/4/2020
Attachment: New order.zip (contains "New order.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Mbt
Status: Malicious
First seen: 2020-05-04 13:28:54 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 31 of 48 (64.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

404Keylogger

zip 79fdfc36a197ce5957dfaab75de5d962e02a31e086a49506c14479e8cc79c647

(this sample)

  
Dropping: 404Keylogger
Delivery method: Distributed via e-mail attachment
