MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93d1b435018f922a8d54b39f7cfb572ec446aed80929a8354761eef51e0de69c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



404Keylogger


Vendor detections: 4



SHA256 hash: 93d1b435018f922a8d54b39f7cfb572ec446aed80929a8354761eef51e0de69c
SHA3-384 hash: d4f287f580197518d68554365d2325b1d4de768fcf080c51f37c6a8095011659b307266814b67eb26a65d5fad169e643
SHA1 hash: 6224bfa7a57abd1c1e77818ce2800541bcc25801
MD5 hash: c628a149fa2c41e3f40aa49c3cc1b4b7
humanhash: william-asparagus-floor-glucose
File name: Orden de compra xls.zip
Signature: 404Keylogger
File size: 325'835 bytes
First seen: 2021-02-24 07:02:06 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:ZBMWiycd4eKDKF/056okvmi7g6HjpTheJ:7fBcSecKF/Rv77jHjpE
TLSH: E86423B2C01AA68D87B4B3E045257ECF1B9A88A0578D48BD7DBA53EC36047BF4D52871
Reporter: abuse_ch
Tags: zip


abuse_ch
Malspam distributing unidentified malware:

HELO: df0.317.xvonq.ml
Sending IP: 161.35.121.193
From: Vanessa Zuasnabar (GP) <vanessa.zuasnabar@grating-prodac.pe>
Subject: ORDEN DE COMPRA 04-21
Attachment: Orden de compra xls.zip (contains "orden de compra xls.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 94
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-02-24 07:03:10 UTC
AV detection: 16 of 47 (34.04%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

404Keylogger

zip 93d1b435018f922a8d54b39f7cfb572ec446aed80929a8354761eef51e0de69c

(this sample)

  
Delivery method: Distributed via e-mail attachment
