404keylogger | 6a18a0c24a8fbf096c78a015fe26ffb799b301addcfc899a27037ff5478d266c

General

Target

4d10520e2b80ca42e98590435c36c5409a458d9a5bd0ad35b0f444d2ceb2626d.zip
Size

351KB
Sample

230430-q1ycsshg96
MD5

2bf58a04bb8c9df0ca45a41997fbc50c
SHA1

ea7749f6e534acce467be6dda40a2f8a8cbeb08e
SHA256

6a18a0c24a8fbf096c78a015fe26ffb799b301addcfc899a27037ff5478d266c
SHA512

766ffb97d9c640aa1754fd6888b96d158c81dcd3983405d2ddcbfb2a8cfd56fb1bb1f323433f27a77eda792f2b102366920bd55927212aa86c3127dadc69d7dd
SSDEEP

6144:N9I+zz5u6k2hg2V61Z0Fyko2xPaGSOIXIJUERY4e0aB7DOmOrwj7:7I+zF3bhE05laGSOIXIJUERYkaRDOmO2

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
eJkG%KP9

Targets

- Target
  
  4d10520e2b80ca42e98590435c36c5409a458d9a5bd0ad35b0f444d2ceb2626d.exe
- Size
  
  646KB
- MD5
  
  311102ca55b09ee930cfceca5e4c06da
- SHA1
  
  8fbe0182c4ae39acb97a23f16b5d758b4183ad4b
- SHA256
  
  4d10520e2b80ca42e98590435c36c5409a458d9a5bd0ad35b0f444d2ceb2626d
- SHA512
  
  0e812ff97fb68c2d635a681d12d21b997e81bb9a442bf1c375d7a459c1785bb355cb62227bb15672cd7146437d8f5274da8e348170c5570d247def339b8b73ee
- SSDEEP
  
  12288:6GvZepMqJ07C6YHyrn9baFbUBXrVAlLSjujRJK/sJ2:6IgpM+F6YHyDYFYUNSVA2
Score

10^/10

404keylogger collection keylogger spyware stealer upx
- 404 Keylogger
  Information stealer and keylogger first seen in 2019.
  stealer keylogger 404keylogger
- 404 Keylogger Main Executable
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

404 Keylogger

404 Keylogger Main Executable

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

UPX packed file

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2