MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3bf0ddecf628fbe8b53c008f0c69c1da41c652723d28cca69eb6fc3a2679d123. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


404Keylogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3bf0ddecf628fbe8b53c008f0c69c1da41c652723d28cca69eb6fc3a2679d123
SHA3-384 hash: 7b1de69f6f9d3039e14edb883eb87e6f23ac9a166ee098817fbec4b1e22373998bb2fa31d9e41336f5bda1dbdf6123d9
SHA1 hash: ffb2b2e04622d5a4c27e6df4048b4669fd70da77
MD5 hash: 84a683903f26e1b0cb9ab238c8d49d87
humanhash: earth-leopard-table-fifteen
File name:Quotation 202630 U8t3.gz
Download: download sample
Signature 404Keylogger
Create hunting rule
File size:220'643 bytes
First seen:2020-08-05 09:26:29 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:yOGHNChA+GK2U+199sX5FrLKQ/4rP3H+6IN:yRHNxfUJX5FVevH+lN
TLSH EC2413C1F9F31B9CC2134DA1CB9B714E48AAE0D5C88F6C09180662655B7BBB06E757CB
Reporter abuse_ch
Tags:404Keylogger gz


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: futureomanllc.com
Sending IP: 185.222.57.207
From: Vishnu Satheesh <ftmct@futureomanllc.com>
Subject: Quotation 21946 3MuR7U 202630 U8t3
Attachment: Quotation 202630 U8t3.gz (contains "Quotation 202630 U8t3.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3bf0ddecf628fbe8b53c008f0c69c1da41c652723d28cca69eb6fc3a2679d123/
Threat name:
ByteCode-MSIL.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-08-05 07:25:00 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hpyn33hwfd56rnj4achqy2ob3ja4mutshuumzju6w36dujtz2erq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3bf0ddecf628fbe8b53c008f0c69c1da41c652723d28cca69eb6fc3a2679d123

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

404Keylogger

gz 3bf0ddecf628fbe8b53c008f0c69c1da41c652723d28cca69eb6fc3a2679d123

(this sample)

404Keylogger

Executable exe dae557d5b57d32d21d88a3806fb3546da8c536bf0692c81ee928a954a0ce4fb2

  
Dropping
MD5 762e1a4aacfa0a6f1b334efe011ff530
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dae557d5b57d32d21d88a3806fb3546da8c536bf0692c81ee928a954a0ce4fb2

Comments