MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37f75faf90e40a3a976b7f9282b940ae2ca00329b52b1272679c6a4ad41a6270. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



404Keylogger


Vendor detections: 4



SHA256 hash: 37f75faf90e40a3a976b7f9282b940ae2ca00329b52b1272679c6a4ad41a6270
SHA3-384 hash: 04180d1a9bc1e0ec3a1675dfff7dc416c927a41673f5f361f622d5a4134c13a8afb6b56cedf9bfa6c1360c9309991158
SHA1 hash: ff21a34f17713d06c8d786043f8c01ff1a3e5419
MD5 hash: c5f05de51de93cda05d218a60dd34c4d
humanhash: lactose-shade-hamper-april
File name: DHl Delivery reciept.arj
Signature: 404Keylogger
File size: 283'154 bytes
First seen: 2020-08-18 13:22:44 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 6144:OCI5O1r7KU59Gc5r/fx1tpATl3DtlqtusQVjsAzpHW3cf6TucjjBbuM:O/A9L5Dx1wTtHfnpHtSTugBiM
TLSH: 655423DAC8FDF3F01809E99763493A1A976225D5431F2F1223D81F960B3273D2945E9B
Reporter: abuse_ch
Tags: 404Keylogger, arj, DHL


abuse_ch
Malspam distributing 404Keylogger:

HELO: dhl.com
Sending IP: 23.106.223.169
From: DHL QUERY <dhaquery@dhl.com>
Subject: DHL: Urgent:Delivery Receipt Wrong delivery Address Report
Attachment: DHl Delivery reciept.arj (contains "DHl Delivery reciept.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-08-18 13:24:10 UTC
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

404Keylogger

arj 37f75faf90e40a3a976b7f9282b940ae2ca00329b52b1272679c6a4ad41a6270 (this sample)

Dropping: 404Keylogger
Delivery method: Distributed via e-mail attachment
