MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cdf96811c3ce5645b19c096fa4fffca84bcb7dc4885008f83373fe580ea57f01. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


PhoenixKeylogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cdf96811c3ce5645b19c096fa4fffca84bcb7dc4885008f83373fe580ea57f01
SHA3-384 hash: 9d687061794d92199113cbd1447b7db9837ef5ed1bfa67a7292a96622282180ae60ee58f129ed404183af41a629c90b6
SHA1 hash: d2e1989c3efc56909510b6aec7ee20f720afb1df
MD5 hash: 8cc7544c09deb420b50ef840f6f1c289
humanhash: georgia-fillet-bakerloo-diet
File name:Payment Comfirmation.exe
Download: download sample
Signature PhoenixKeylogger
Create hunting rule
File size:388'608 bytes
First seen:2020-04-02 05:52:56 UTC
Last seen:2020-04-02 06:44:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:WMtN0VRIzAPrLVaQsebNU13fQjrd4HeSsvzXaeI2ws3:7tN9zAPrpaxGU1I94Yvzw2
Threatray 99 similar samples on MalwareBazaar
TLSH B684CE13B252CBD5C6007A726BF495902B67F2CF1372EA1B268E4325AA437C77E5E143
Reporter jarumlus
Tags:PhoenixKeylogger

Intelligence

File Origin
# of uploads :
2
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.26277.31747.20107.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-02 06:49:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zx4wqeodzzlelmm4bfx2j774vbf4w7oerbiar6btop7fqdvfp4aq._file
Verdict:
unknown
Similar samples:
0068cd1c85fc05f425fc6213b8317b2827528285d1a73b7df6135123161448ee
PhoenixKeylogger
08fdccf1656b70f8bf5725536429039d536e2fa060ed2b1d689649ffb57e2cbd
PhoenixKeylogger
652408958600d63469d0ca6534e7c223f9d3794267fe49fe5e924e28b3dbd0d9
PhoenixKeylogger
7d361a3eff51e1fd5abfb175450ef7a0323cf39b7b719b9189216ba06a85e3cd
PhoenixKeylogger
896152b5c1395d1a5cc2b9e57583cbba5d8ce128419d86dcdc7bd23f54bb19d4
PhoenixKeylogger
a5141cdbe92ab9cc719bbefe36250a0bf11c401ba4720cfffed89147d41085cc
PhoenixKeylogger
ba9c641828f465a988c43c858463602faadc4bc688b5b58d9a80bd25fd45a4d6
PhoenixKeylogger
c5a4176174c6cd1b56e9e5dc37d4338bbede8af3db82c53a94e41b359bc8c98c
PhoenixKeylogger
e1c1a8c39ce7658e5e8a3ab916d86a24d99f1c804b20ea93e5a2e3c50c87cd0e
PhoenixKeylogger
ec9668cae1c65020021d2c633b68286944f1e6b1ddf5183d40ef823607e29cba
PhoenixKeylogger
+ 89 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high

Comments