MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e347c94340746934e6237e90a9747d02f8c36ee911cb2b9d09d5c7dd1e4314b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


404Keylogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6e347c94340746934e6237e90a9747d02f8c36ee911cb2b9d09d5c7dd1e4314b
SHA3-384 hash: 06258a5604baea710fc3143618b72a48c49d021e0a2297d73af6d3bba9b31dac0f79517f30a57acfb0b7adad013d18cb
SHA1 hash: 05fd5ef5571417aae2d3ea3d2c1ff0760c6d5c02
MD5 hash: 6dcae08348ee0b4f12fcb94713f4d048
humanhash: glucose-wisconsin-yellow-cat
File name:DHL Shipment Notification Document 9671450633.arj
Download: download sample
Signature 404Keylogger
Create hunting rule
File size:288'266 bytes
First seen:2020-10-09 05:58:30 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 6144:KWhwlyIkQQK8wVkIEDq72G6F2ryKLWv+F4DhVT5YYQEOEQa4:vhwl9kQQKRx2RKCs4n5YnEg
TLSH 9E5423B3E82A14D3FAD129568AD2CC726E2DB8A1F53A305547893F4C08F5DF594B6B20
Reporter abuse_ch
Tags:404Keylogger arj DHL


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: dhl.com
Sending IP: 45.153.243.120
From: DHL PARCEL <dhlparcl@dhl.com>
Subject: DHL Wrong Shipment Notification
Attachment: DHL Shipment Notification Document 9671450633.arj (contains "DHL Shipment Notification Document 9671450633.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6e347c94340746934e6237e90a9747d02f8c36ee911cb2b9d09d5c7dd1e4314b/
Threat name:
Win32.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-10-08 21:13:21 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ny2hzfbua5djgttcg7uqvf2h2axyynxoseolfooqtvoh3upegffq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/6e347c94340746934e6237e90a9747d02f8c36ee911cb2b9d09d5c7dd1e4314b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

404Keylogger

arj 6e347c94340746934e6237e90a9747d02f8c36ee911cb2b9d09d5c7dd1e4314b

(this sample)

404Keylogger

Executable exe 869fb5f7b10290ff21a86dfd49ad5cb09089f3fa543bb94282154596a431dcca

  
Dropping
MD5 49b396bde1a157e96029cf10cb993bf5
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 869fb5f7b10290ff21a86dfd49ad5cb09089f3fa543bb94282154596a431dcca

Comments