MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e1e4c43639edf7e533f22aa67b4fbe57d43f8e66ce607ce61aef631fcc92ab3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


404Keylogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6e1e4c43639edf7e533f22aa67b4fbe57d43f8e66ce607ce61aef631fcc92ab3
SHA3-384 hash: 2f162511659a71282c425597627e93d17b0bf771fb652e52a50ff7e947c81c2144949e0f9bb38173d946860b1a91eb74
SHA1 hash: 6fcec2f8224bd6f73e9a54ef1429271e4c77e4e5
MD5 hash: c4252b3cac9fa0a08a98ae4b2ffdca9b
humanhash: cat-cold-india-one
File name:OC2211.arj
Download: download sample
Signature 404Keylogger
Create hunting rule
File size:396'666 bytes
First seen:2021-02-16 06:27:40 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 6144:1ampwQUaIxqM40Fg+/I6rgEEVlGs3ZCGMaB59f5ux0t/MD5XcTT0BM7p:wxG0kLhKsZ9MaJ5AenYMd
TLSH D58423E91CBB9866C1FF4D8E7361E0C70E4FBDC89E2A2095C9C80D25A563867709457F
Reporter abuse_ch
Tags:404Keylogger arj


Avatar
abuse_ch
Malspam distributing 404Keylogger:

HELO: rt0.208.xorox.gq
Sending IP: 128.199.97.59
From: Sales <finanzas@comex.com.pe>
Subject: Orden de compra OC221 (Purchase order OC221) Urgente
Attachment: OC2211.arj (contains "OC2211.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
134
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6e1e4c43639edf7e533f22aa67b4fbe57d43f8e66ce607ce61aef631fcc92ab3/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2021-02-16 06:28:07 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nypeyq3dt3px4uz7ekvgpnh34v6uh6hgnttapttbv33dd7gjfkzq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.86
Link:
https://yomi.yoroi.company/submissions/6e1e4c43639edf7e533f22aa67b4fbe57d43f8e66ce607ce61aef631fcc92ab3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

404Keylogger

arj 6e1e4c43639edf7e533f22aa67b4fbe57d43f8e66ce607ce61aef631fcc92ab3

(this sample)

404Keylogger

Executable exe 40ed2cee21f04d3dd5a62951a4b99976327816ee918255bc12b6d40247b2b1c0

  
Dropping
MD5 b398016c2c3010ef8c0f27aa42b644a6
  
Dropping
404Keylogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 40ed2cee21f04d3dd5a62951a4b99976327816ee918255bc12b6d40247b2b1c0

Comments