MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e87b86817a7a63d7084319ed07a798c9b64ddf482d7ee59549d4aa3280f20a08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


404Keylogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e87b86817a7a63d7084319ed07a798c9b64ddf482d7ee59549d4aa3280f20a08
SHA3-384 hash: 645f52cbfca19edfb23e61e4125f563ec4a715c87e6e46fa0d40507b3c4d2f3ec60a28067301951a890defd00810d6a8
SHA1 hash: e3602ae179d4bbad211f08231eb262ec12a1ae4c
MD5 hash: 88841a1cd43a61ba35d58e701317b686
humanhash: cardinal-foxtrot-freddie-lake
File name:Aviso de transfer.zip
Download: download sample
Signature 404Keylogger
Create hunting rule
File size:309'906 bytes
First seen:2021-02-15 06:54:39 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:kyhH52KBkr9/H1uuO2MSqzTq3tN0/rvX0r+KDfk+4PgnXpjesZ:kyhH5Jq9/H1uBSqvq3tes+2fkFPWXZ
TLSH AC64239AFD1F087196FB7DCE082348A901F2E6466015B1CDABCE516B15E9BC23AD3133
Reporter abuse_ch
Tags:ESP geo zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: hrt0.309.plxo.ml
Sending IP: 159.203.91.9
From: ventas <ventas@oxipen.com.ar>
Subject: RV: Aviso de Transferencia
Attachment: Aviso de transfer.zip (contains "aviso de transfer.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
110
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Bulz.357731.2745.8406.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e87b86817a7a63d7084319ed07a798c9b64ddf482d7ee59549d4aa3280f20a08/
Threat name:
ByteCode-MSIL.Spyware.Fooflo
Create hunting rule
Status:
Malicious
First seen:
2021-02-15 06:55:11 UTC
AV detection:
11 of 48 (22.92%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5b5ynal2pjr5occddhwqpj4yzg3e3x2ifv7olfkj2svdfahsbiea._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e87b86817a7a63d7084319ed07a798c9b64ddf482d7ee59549d4aa3280f20a08

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

404Keylogger

zip e87b86817a7a63d7084319ed07a798c9b64ddf482d7ee59549d4aa3280f20a08

(this sample)

404Keylogger

Executable exe cab9baeed0b5b271cf9de3361483d662e52c75dd6a73544701980f29210dc49e

  
Dropping
MD5 78beed59bdbe8e675f2ca67f22dd92be
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cab9baeed0b5b271cf9de3361483d662e52c75dd6a73544701980f29210dc49e

Comments