404keylogger | 6f03ff2d346e59f0e9d9e51569b08fba6c610e7c82fd92719866124bd512054f | Triage

Submit
Reports

Overview

overview

Static

static

5

6f03ff2d34...4f.exe

windows7_x64

6f03ff2d34...4f.exe

windows10-2004_x64

Sharing

General

Target

6f03ff2d346e59f0e9d9e51569b08fba6c610e7c82fd92719866124bd512054f
Size

1.0MB
Sample

220625-gcar6agbaq
MD5

4b94597bc7d13ead3ba618bd7bc222f9
SHA1

d25fdd088c5bcacb93056821a52502b47b03e4e3
SHA256

6f03ff2d346e59f0e9d9e51569b08fba6c610e7c82fd92719866124bd512054f
SHA512

6c638efba643a013793dfa0b9b1700d7181a1b47c11796f6bb463a22400625e09d522edf16fc37f4534faea6a34dbeb4592794343d8f3f8f09de55e46191c7dd

Score

10^/10

404keylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

6f03ff2d346e59f0e9d9e51569b08fba6c610e7c82fd92719866124bd512054f.exe

Resource

win7-20220414-en

404keylogger collection keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6f03ff2d346e59f0e9d9e51569b08fba6c610e7c82fd92719866124bd512054f.exe

Resource

win10v2004-20220414-en

404keylogger collection keylogger stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
isabellsepindler3@gmail.com
Password:
kakokako12345

Targets

- Target
  
  6f03ff2d346e59f0e9d9e51569b08fba6c610e7c82fd92719866124bd512054f
- Size
  
  1.0MB
- MD5
  
  4b94597bc7d13ead3ba618bd7bc222f9
- SHA1
  
  d25fdd088c5bcacb93056821a52502b47b03e4e3
- SHA256
  
  6f03ff2d346e59f0e9d9e51569b08fba6c610e7c82fd92719866124bd512054f
- SHA512
  
  6c638efba643a013793dfa0b9b1700d7181a1b47c11796f6bb463a22400625e09d522edf16fc37f4534faea6a34dbeb4592794343d8f3f8f09de55e46191c7dd
Score

10^/10

404keylogger collection keylogger stealer
- 404 Keylogger
  Information stealer and keylogger first seen in 2019.
  stealer keylogger 404keylogger
- 404 Keylogger Main Executable
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

404keyloggercollectionkeyloggerstealer

behavioral2

404keyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy