MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e5b9b233b4d5ae9b877730f90fdca269bac6f81e279d4df9c6b06dc83e616b98. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

404Keylogger

Vendor detections: 4


SHA256 hash: e5b9b233b4d5ae9b877730f90fdca269bac6f81e279d4df9c6b06dc83e616b98
SHA3-384 hash: d38ed1b189bf4a3a01171b75df9a18abc3092b6265b4fd3d73a5b7cd8e6d6ce58e6ebf2d10093d340a52314fec065bd1
SHA1 hash: 08529bc9f2d9251073e454dc2308f26de0613017
MD5 hash: 52bcf809a391f3d879a69a61c9c0ed1f
humanhash: michigan-carolina-mountain-magazine
File name: c28dc2dff705efae42023003825b6d9f.exe
Signature: 404Keylogger
File size: 112'640 bytes
First seen: 2020-03-31 18:48:46 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep: 1536:qgLYQjmAk93lHH8lFrf2QRm8hel2GVKCCOXLDMqtpjpiOMFVb/:qgLYX93lHH8riTl20KCtHMqtLG3b/
Threatray: 332 similar samples on MalwareBazaar
TLSH: F3B3D74D37989464E2EE87B084F342248279D497996B9F0F08D718FA5B3F342894EED7
Reporter: abuse_ch
Tags: 404Keylogger exe GuLoader


abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1RTwMFLdzqN9xkWe6HvjmgoWPzc4cdAs5

Intelligence


File Origin
# of uploads: 1
# of downloads: 103
Origin country: n/a

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps those samples create. Note that only results from TLP:CLEAR rules are displayed.

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: MAL_Envrial_Jan18_1
Author: Florian Roth
Description: Detects Encrial credential stealer malware
Reference: https://twitter.com/malwrhunterteam/status/953313514629853184

Rule name: win_404keylogger_g0
Author: Slavo Greminger, SWITCH-CERT, Daniel Plohmann <daniel.plohmann<at>fkie.fraunhofer.de>

File information


The table below shows additional information about this malware sample such as delivery method and external references.

b8a3b47a54b1cc246bfb274bc61a7870e4b763ad1fa036a8b50974023e223228
404Keylogger
Executable exe e5b9b233b4d5ae9b877730f90fdca269bac6f81e279d4df9c6b06dc83e616b98 (this sample)

Dropped by:
MD5 c28dc2dff705efae42023003825b6d9f
MD5 0f0bcac459baa6554c7574a40997d308
GuLoader
SHA256 b8a3b47a54b1cc246bfb274bc61a7870e4b763ad1fa036a8b50974023e223228
SHA256 f244107f39f388ce60aea7d4896e6ad57a04da45b10215a353f8ecd3d441a66d

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high

Comments