Extracted

• • Target

    35967d502af4e8613eee696586c27b6823580e6d9aeee5adec20186083f8bec4

  • Size

    375KB

  • MD5

    3ef6284d5ff32226b50f77faf6851a82

  • SHA1

    af506a31db5d94eb9b77585651732e516291720d

  • SHA256

    35967d502af4e8613eee696586c27b6823580e6d9aeee5adec20186083f8bec4

  • SHA512

    a1fd23795a2c0eb4a676e6c9b8f7e6e3a02717b273414b4b77e49602fcfd99b8ca71a14f6d3ae8a931e88de96b4c3114fce715ce5d855742e76b7e0fbf91feb5

  Score

  10^/10

  persistence404keyloggercollectionkeyloggerstealer

  • 404 Keylogger

    Information stealer and keylogger first seen in 2019.

    stealerkeylogger404keylogger

  • 404 Keylogger Main Executable

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2