MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd8062e9977fd80b004b6dc3fd635aef07841b974c88ae1903ffaf3257a9fd35. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


404Keylogger


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd8062e9977fd80b004b6dc3fd635aef07841b974c88ae1903ffaf3257a9fd35
SHA3-384 hash: 00becdc2a69c7817a456940172485eb3daa78739f51d8b18fac7f9aad766835457158bc630171c9e75e36822cd2a330d
SHA1 hash: b3abda8ce4ef6d0e95c87d34319b36bc5b418dcc
MD5 hash: 538e26f7c1e97e499b05027a3b1beee7
humanhash: sodium-solar-london-grey
File name:PROFOMA INVOICE LPO-682768286830.exe
Download: download sample
Signature 404Keylogger
Create hunting rule
File size:442'368 bytes
First seen:2020-10-31 06:38:43 UTC
Last seen:2020-10-31 20:59:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:LJ9omsVVtQp0+/U/Rdu54Lx12n35nwAIIN57lPf:LJ9xUVtQp0+oR9L2nc+
Threatray 76 similar samples on MalwareBazaar
TLSH 4C9418F89346E65BCD4F017FA84A3D25E28A9B66C6ED448643D4B03D17FD30E6A9048F
Reporter cocaman
Tags:404Keylogger exe

Intelligence

File Origin
# of uploads :
5
# of downloads :
194
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/81410/
Detection(s):
Sanesecurity.Rogue.0hr.20201030-1712.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Creating a file in the %AppData% directory
Creating a file in the %temp% directory
Launching a process
Creating a process with a hidden window
Deleting a recently created file
Unauthorized injection to a recently created process
Creating a file
DNS request
Sending an HTTP GET request
Using the Windows Management Instrumentation requests
Setting a keyboard event handler
Reading critical registry keys
Sending a custom TCP request
Enabling autorun by creating a file
Result
Threat name:
404Keylogger AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/517448
Signature
Executable has a suspicious name (potential lure to open the executable)
Found malware configuration
Initial sample is a PE file and has a suspicious name
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
May check the online IP address of the machine
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected 404Keylogger
Yara detected AgentTesla
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fd8062e9977fd80b004b6dc3fd635aef07841b974c88ae1903ffaf3257a9fd35/
Threat name:
ByteCode-MSIL.Infostealer.Stelega
Create hunting rule
Status:
Malicious
First seen:
2020-10-30 18:45:53 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7wagf2mxp7mawaclnxb72y2254dyig4xjsek4gid76xtev5j7u2q._file
Verdict:
malicious
Similar samples:
2ac51bddbe245f1d8b6fd18e3e1c361445243006b9e8cdbfb9d5fcaa6cba2420
404Keylogger
4f5496a26b5b03fa0ab9e31c368978ab7975a503ff1525fe64bf40dfd442dac6
404Keylogger
7f363a61729c1b86467656b7d9e0c52a60e74049af6e68617790aaa29ac431d1
404Keylogger
889e0f1a941a10d2d3db388eb426e8d9e6303a2d09419787e3d7916b6a7999e2
404Keylogger
b156d54df509f02bed378383dc278b7da2a6ba2db0846d4c1086a3196c5bd8db
404Keylogger
d5d3cde374721294f774229ce8fa3cbf3edd4d3b489448ea7449ee63bbdc2c31
404Keylogger
dc00e8e3f7021f242e16107ba976697d93616473833233e85fec9842dca480df
404Keylogger
e4a3e20e267b49025b0c602b0af5b19c57711fc07f5442c356d5c57e1ee7cd31
404Keylogger
eda8bfc1dfcc087cb1e4033a5730953c3af823e6c3a4f16e7c72f1c7963bb683
404Keylogger
f94835d0cfac325ba2187c8bec1f9e9cff185a087be4de42832731c3c7a51adc
404Keylogger
+ 66 additional samples on MalwareBazaar
Result
Malware family:
404keylogger
Create hunting rule
Score:
  10/10
Tags:
family:404keylogger keylogger persistence spyware stealer
Link:
https://tria.ge/reports/201031-r8v2s4ngme/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies service
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
404 Keylogger
404 Keylogger Main Executable
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fd8062e9977fd80b004b6dc3fd635aef07841b974c88ae1903ffaf3257a9fd35

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

404Keylogger

r00 33a62256ce80dbd24ac41044d56a86bf38112d38473c6a53db46ade6ea997c15

404Keylogger

Executable exe fd8062e9977fd80b004b6dc3fd635aef07841b974c88ae1903ffaf3257a9fd35

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 33a62256ce80dbd24ac41044d56a86bf38112d38473c6a53db46ade6ea997c15
Cape
Cape
https://www.capesandbox.com/analysis/81410/

Comments