MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd0b52945a11d0dd8ba4cfb9441e9c5a3a3dcb7984ddb8486c6bec10473aa9d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


404Keylogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd0b52945a11d0dd8ba4cfb9441e9c5a3a3dcb7984ddb8486c6bec10473aa9d1
SHA3-384 hash: c72f73ec197c289e4ced0e76a97d018d270af132533b30a1571055764fa71429128b40a8233f33afcdf05576195b24fa
SHA1 hash: 692b254c46c0752724776167ab8bc2a922230bea
MD5 hash: 4e9abf4babf3ebfd1919e8b6793cd133
humanhash: lamp-sierra-burger-zebra
File name:Purchase Order N EQ 0010-0121.arj
Download: download sample
Signature 404Keylogger
Create hunting rule
File size:765'371 bytes
First seen:2021-01-11 08:52:12 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 12288:hNf9wZlXEtfGq8Ae4OMcUy983RhmXzm7a6x7cBcvr7bP+D7ZDxkJCZTrHAviKYNe:j1RGxMbI83vmXC7a6VcBcj+D7ZDxkkHY
TLSH EFF43350727889C41D41C84EC352BB471E9B034BFF6588E1F4F86E93AB518EED9A21F5
Reporter abuse_ch
Tags:404Keylogger arj


Avatar
abuse_ch
Malspam distributing 404Keylogger:

HELO: delcot.net
Sending IP: 45.153.240.255
From: Marketing / Sales <ahsan.habib@delcot.net>
Subject: PURCHASE ORDER N° EQ 0010-0121
Attachment: Purchase Order N EQ 0010-0121.arj (contains "Purchase Order N° EQ 0010-0121.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
144
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fd0b52945a11d0dd8ba4cfb9441e9c5a3a3dcb7984ddb8486c6bec10473aa9d1/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-11 08:53:05 UTC
AV detection:
12 of 46 (26.09%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7ufvffc2chin3c5ez64uihu4li5d3s3zqto3qsdmnpwbarz2vhiq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/fd0b52945a11d0dd8ba4cfb9441e9c5a3a3dcb7984ddb8486c6bec10473aa9d1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

404Keylogger

arj fd0b52945a11d0dd8ba4cfb9441e9c5a3a3dcb7984ddb8486c6bec10473aa9d1

(this sample)

404Keylogger

Executable exe 48bd479dd78532b0b8a04394e3bcc9d053484c1b43840cc40e453952b9f8161d

  
Dropping
MD5 a931a16b753c3a6bf65ab2fd203d8216
  
Dropping
404Keylogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 48bd479dd78532b0b8a04394e3bcc9d053484c1b43840cc40e453952b9f8161d

Comments