404keylogger | 85e6b8d717a4665d3e698c5c262e702daea50d296da35fdf6ca0c58ff5a71b5d | Triage

Submit
Reports

Overview

overview

Static

static

85e6b8d717...5d.exe

windows7-x64

85e6b8d717...5d.exe

windows10-2004-x64

Sharing

General

Target

85e6b8d717a4665d3e698c5c262e702daea50d296da35fdf6ca0c58ff5a71b5d
Size

332KB
Sample

220724-z7v1paggh9
MD5

173ec773d0b146dfb249629550901ded
SHA1

7bfa3586a135f95dba15b00385d8eec2f838d2be
SHA256

85e6b8d717a4665d3e698c5c262e702daea50d296da35fdf6ca0c58ff5a71b5d
SHA512

a2a82ce38c42faa77acf038fecc7c95c1729d5d49ccbd6eb36e24d5f61c0435c633ba217cbde54df02623dc0092e4555c14b809ba0095d74a88ee123b956480f

Score

10^/10

404keylogger collection keylogger persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

85e6b8d717a4665d3e698c5c262e702daea50d296da35fdf6ca0c58ff5a71b5d.exe

Resource

win7-20220718-en

404keylogger collection keylogger persistence stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

85e6b8d717a4665d3e698c5c262e702daea50d296da35fdf6ca0c58ff5a71b5d.exe

Resource

win10v2004-20220721-en

404keylogger collection keylogger persistence stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  85e6b8d717a4665d3e698c5c262e702daea50d296da35fdf6ca0c58ff5a71b5d
- Size
  
  332KB
- MD5
  
  173ec773d0b146dfb249629550901ded
- SHA1
  
  7bfa3586a135f95dba15b00385d8eec2f838d2be
- SHA256
  
  85e6b8d717a4665d3e698c5c262e702daea50d296da35fdf6ca0c58ff5a71b5d
- SHA512
  
  a2a82ce38c42faa77acf038fecc7c95c1729d5d49ccbd6eb36e24d5f61c0435c633ba217cbde54df02623dc0092e4555c14b809ba0095d74a88ee123b956480f
Score

10^/10

404keylogger collection keylogger persistence stealer
- 404 Keylogger
  Information stealer and keylogger first seen in 2019.
  stealer keylogger 404keylogger
- 404 Keylogger Main Executable
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

404keyloggercollectionkeyloggerpersistencestealer

behavioral2

404keyloggercollectionkeyloggerpersistencestealer

© 2018-2024

Terms | Privacy