404keylogger | f629522071fa7ae8e8b64c33a5b5bd243e45cae769ec13a8536f1abc1ab2ca84 | Triage

Submit
Reports

Overview

overview

Static

static

5

f629522071...84.exe

windows7_x64

f629522071...84.exe

windows10-2004_x64

Sharing

General

Target

f629522071fa7ae8e8b64c33a5b5bd243e45cae769ec13a8536f1abc1ab2ca84
Size

1.7MB
Sample

220625-ek259sfeh3
MD5

f17184ba673aa0c58283ca4466d04864
SHA1

f51d8aa5678567b60549beb549849d2c6057caa4
SHA256

f629522071fa7ae8e8b64c33a5b5bd243e45cae769ec13a8536f1abc1ab2ca84
SHA512

5933fcd94962ecb828f7b393c05f139c568e62d7bc01ccc4e5392baf43ab0bf49e880f6ff9b06b0cb3ac82846ac498be1941604a8860de50af44201f0e040a1f

Score

10^/10

404keylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

f629522071fa7ae8e8b64c33a5b5bd243e45cae769ec13a8536f1abc1ab2ca84.exe

Resource

win7-20220414-en

404keylogger collection keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f629522071fa7ae8e8b64c33a5b5bd243e45cae769ec13a8536f1abc1ab2ca84.exe

Resource

win10v2004-20220414-en

404keylogger collection keylogger stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
mohamedadjal@ahrass.com
Password:
chukwuma22

Targets

- Target
  
  f629522071fa7ae8e8b64c33a5b5bd243e45cae769ec13a8536f1abc1ab2ca84
- Size
  
  1.7MB
- MD5
  
  f17184ba673aa0c58283ca4466d04864
- SHA1
  
  f51d8aa5678567b60549beb549849d2c6057caa4
- SHA256
  
  f629522071fa7ae8e8b64c33a5b5bd243e45cae769ec13a8536f1abc1ab2ca84
- SHA512
  
  5933fcd94962ecb828f7b393c05f139c568e62d7bc01ccc4e5392baf43ab0bf49e880f6ff9b06b0cb3ac82846ac498be1941604a8860de50af44201f0e040a1f
Score

10^/10

404keylogger collection keylogger stealer
- 404 Keylogger
  Information stealer and keylogger first seen in 2019.
  stealer keylogger 404keylogger
- 404 Keylogger Main Executable
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

404keyloggercollectionkeyloggerstealer

behavioral2

404keyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy