404keylogger | 8243c8a72e7a2021b4d956f5dafc19ded0162e9eb99f158f8da83660ea9368b5 | Triage

Submit
Reports

Overview

overview

Static

static

DHl Delive...pt.exe

windows7_x64

DHl Delive...pt.exe

windows10_x64

Sharing

General

Target

DHl Delivery reciept.exe
Size

624KB
Sample

200818-t1jk5m8sc6
MD5

2cfdae4ee4082225277048a7735c1561
SHA1

da23e01a6e02dddfcd7a52b3822c28c5b16aafc2
SHA256

8243c8a72e7a2021b4d956f5dafc19ded0162e9eb99f158f8da83660ea9368b5
SHA512

764946c9a353ab7b4a71376efbfe143deaedfb753b6cf98489761b6fab442a79d07ef9b2e030f93f9bd9a3f7be7a65695e61f015da093dccfed8278be87df14a

Score

10^/10

404keylogger keylogger spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

DHl Delivery reciept.exe

Resource

win7

upx spyware stealer keylogger 404keylogger

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DHl Delivery reciept.exe

Resource

win10v200722

upx spyware stealer keylogger 404keylogger

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.sapgroup.com.pk
Port:
587
Username:
moin.ansari@sapgroup.com.pk
Password:
moin@26919

Targets

- Target
  
  DHl Delivery reciept.exe
- Size
  
  624KB
- MD5
  
  2cfdae4ee4082225277048a7735c1561
- SHA1
  
  da23e01a6e02dddfcd7a52b3822c28c5b16aafc2
- SHA256
  
  8243c8a72e7a2021b4d956f5dafc19ded0162e9eb99f158f8da83660ea9368b5
- SHA512
  
  764946c9a353ab7b4a71376efbfe143deaedfb753b6cf98489761b6fab442a79d07ef9b2e030f93f9bd9a3f7be7a65695e61f015da093dccfed8278be87df14a
Score

10^/10

upx spyware stealer keylogger 404keylogger
- 404 Keylogger
  Information stealer and keylogger first seen in 2019.
  stealer keylogger 404keylogger
- 404 Keylogger Main Executable
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

upxspywarestealerkeylogger404keylogger

behavioral2

upxspywarestealerkeylogger404keylogger

© 2018-2024

Terms | Privacy