MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0af21101bfccf3d7d4e614592285f4f8ef89dcae54c192e64c1344eeda0f489a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



404Keylogger


Vendor detections: 3



SHA256 hash: 0af21101bfccf3d7d4e614592285f4f8ef89dcae54c192e64c1344eeda0f489a
SHA3-384 hash: 5fbd8800d3548406e7250df565a6edf6e39f364ab72b5164feab8d43786677a778e2a58d73727bbf5a5841fc154fd972
SHA1 hash: c4d152fa55c53a7c75486496f90d4358daa11d9b
MD5 hash: 4bf6aee4a3bddc0b454ff21353de3733
humanhash: salami-steak-william-west
File name: Emailing PAYMENT 001-31-515208021256.r00
Signature: 404Keylogger
File size: 319'901 bytes
First seen: 2020-08-03 07:45:11 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 6144:KrcyiQ+0PPTyYmDc3uVj0vceO6837OaJuC0wxVoubRs3XQPJT/4uquJAHxihKJ:Ucyr5Djmo3Iwvcez837LIC5PvbRsHM/8
TLSH: A2642306FB6BFB19E54A18899799C9F1810D6CA3E33A0D405C428F2BECD6137F3961B5
Reporter: abuse_ch
Tags: 404Keylogger r00


abuse_ch
Malspam distributing 404Keylogger:

HELO: dunesindustries.com
Sending IP: 185.222.57.207
From: Baskar <baskar@dunesindustries.com>
Subject: Re: [victim-domain] Bank slips for new orders deposits
Attachment: Emailing PAYMENT 001-31-515208021256.r00 (contains "Emailing PAYMENT 001-31-515208021256.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Negasteal
Status: Malicious
First seen: 2020-08-02 16:19:39 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

404Keylogger

r00 0af21101bfccf3d7d4e614592285f4f8ef89dcae54c192e64c1344eeda0f489a (this sample)

Dropping: 404Keylogger
Delivery method: Distributed via e-mail attachment
