MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a32b0914665ddc04ed66714a87390f6526df685b49dc6a4f4c37044695f9b64. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



404Keylogger


Vendor detections: 4



SHA256 hash: 9a32b0914665ddc04ed66714a87390f6526df685b49dc6a4f4c37044695f9b64
SHA3-384 hash: 5f0f8c6dbd884145d03481a2172ac0d2fa7b1cc4c6f26e72b4c41457383667f545a8621f34cac7ce840fe7858318495a
SHA1 hash: e9c730f21e6edeca5ea8d67c822df65e2357ba0a
MD5 hash: 51922ac216893b58742058f7f2f02198
humanhash: quiet-green-april-skylark
File name: swift transfer copy 639082020.7z
Signature: 404Keylogger
File size: 408'641 bytes
First seen: 2020-10-11 12:03:00 UTC
Last seen: Never
File type: 7z
MIME type: application/x-rar
ssdeep: 6144:r9OiccB9iXvNDfwxvAtfM2quD8aXgkdasFhdxWfes8O5gF6TSXw4A4mC7tS:InRNL84tEPuD8igkdasPdxWfFL5eO1
TLSH: 9E94239BF1B660A3EC305B6E8DD97A480859E5706A94C5BC7781111FB729BEF30CF809
Reporter: abuse_ch
Tags: 404Keylogger 7z


abuse_ch
Malspam distributing 404Keylogger:

HELO: seapinepower.com
Sending IP: 185.222.57.213
From: Michael Kwong <michael.kwong@seapinepower.com>
Subject: RE: BANK TRANSFER SLIP
Attachment: swift transfer copy 639082020.7z (contains "swift transfer copy 639082020.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 141
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Negasteal
Status: Malicious
First seen: 2020-10-11 10:52:48 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

404Keylogger

7z 9a32b0914665ddc04ed66714a87390f6526df685b49dc6a4f4c37044695f9b64 (this sample)

Dropping: 404Keylogger
Delivery method: Distributed via e-mail attachment
