MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cddbfea4980df4a7c86f26485fbe24281c9fd9d37b17106e85836409f762432e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



404Keylogger


Vendor detections: 2



SHA256 hash: cddbfea4980df4a7c86f26485fbe24281c9fd9d37b17106e85836409f762432e
SHA3-384 hash: 29fdb67b22f43f776a7507341ec1fdd5f2d897ff25d447a1efd9627f2562ad95aab5f1d46173ef4edd7cc8d40e3d6f2a
SHA1 hash: c54b2f5e10b3653fe183055f325b2b2938ab4ef9
MD5 hash: a2cedc844db4bc6c28e7409343918dda
humanhash: mike-ceiling-nine-moon
File name: Covid -19 Safety Measures.ace
Signature: 404Keylogger
File size: 999'281 bytes
First seen: 2020-03-29 12:22:45 UTC
Last seen: Never
File type: ace
MIME type: application/octet-stream
ssdeep: 24576:/mgQnR2t0RumZaB5s4y4InT6qGroq92xxCod5vNz:FQnIxmZaB64BI+Vs/XdxB
TLSH: 90253337F14A0FACC44F1DE3266D2E60C56685D4AD768A386CE33919CD3D6FE2128D68
Reporter: abuse_ch
Tags: ace COVID-19


abuse_ch
COVID-19 themed malspam:

HELO: smartermail.bertina.us
Sending IP: 88.99.148.34
From: World Health Organisation <support@atra.ir>
Subject: SAFETY COVID-19 (Coronavirus Virus) AWARENESS - Safety Measures..
Attachment: Covid -19 Safety Measures.ace (contains "order pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 93
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-03-29 12:35:26 UTC
AV detection: 22 of 46 (47.83%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

404Keylogger

ace cddbfea4980df4a7c86f26485fbe24281c9fd9d37b17106e85836409f762432e (this sample)

Delivery method: Distributed via e-mail attachment
