MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9a61992e00e5ca3b1103262f66293f88a2404f470d6324a3e9e209a95b7bdbc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


PhoenixKeylogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c9a61992e00e5ca3b1103262f66293f88a2404f470d6324a3e9e209a95b7bdbc
SHA3-384 hash: d932aee7320cfa6120ec3db4766a6af608431c5294ce13392283faf1242781cb953d4646a95c92d17187e4090c87dbd4
SHA1 hash: 1d5da2854c8059f3a6023a6f53e3a121260fd412
MD5 hash: 085927cfb67ca7df6cbefb48036df717
humanhash: william-autumn-magnesium-echo
File name:SMK8238-0028937.arj
Download: download sample
Signature PhoenixKeylogger
Create hunting rule
File size:289'910 bytes
First seen:2020-07-20 10:41:56 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 6144:hz2auRz0yWxJS1VpIiXVV5acNm6Mxqu/nPl8R452Ga8gYi/+IzRBwk:hzSz1VpIif8r6LEPls4mpz/wk
TLSH 995423EDD8A0AC08984BEB305FE37918304425F6F566F3F63FD9EB26120865CE15069A
Reporter abuse_ch
Tags:arj PhoenixKeylogger


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: metaltree.com.sg
Sending IP: 23.106.215.1
From: Helan Joseph <jl@metaltree.com.sg>
Subject: Re: Revised Purchase Order
Attachment: SMK8238-0028937.arj (contains "SMK8238-0028937.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c9a61992e00e5ca3b1103262f66293f88a2404f470d6324a3e9e209a95b7bdbc/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-20 10:43:07 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zgtbtexabzokhmiqgjrpmyut7cfcibhuodldesr6tyqjvfnxxw6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
0.36
Link:
https://yomi.yoroi.company/submissions/c9a61992e00e5ca3b1103262f66293f88a2404f470d6324a3e9e209a95b7bdbc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

PhoenixKeylogger

arj c9a61992e00e5ca3b1103262f66293f88a2404f470d6324a3e9e209a95b7bdbc

(this sample)

PhoenixKeylogger

Executable exe 7dd02ed6230b0adde343aca84f8693a1c0d3ade225679849bf72849ad84107ca

  
Dropping
MD5 29752eef5f5a7a3a6c9d0bbd473d0576
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7dd02ed6230b0adde343aca84f8693a1c0d3ade225679849bf72849ad84107ca

Comments