404keylogger | bd704ad7133204a735457cb398b9eb5fd7662050ae1fcd379674cc4b06a70665 | Triage

Submit
Reports

Overview

overview

Static

static

3

c51c39d848...18.exe

windows7-x64

c51c39d848...18.exe

windows10-2004-x64

Sharing

General

Target

c51c39d848c20c850cfb0d3d46e3448d_JaffaCakes118
Size

334KB
Sample

240827-q2m88atcnc
MD5

c51c39d848c20c850cfb0d3d46e3448d
SHA1

9b4e635287a558f208c26e060a512d8a484ddee3
SHA256

bd704ad7133204a735457cb398b9eb5fd7662050ae1fcd379674cc4b06a70665
SHA512

ec5b7bf4257cfe5fe85c08d272a8e40851d18e2b315b80be33396d4de16e96d4ae619b5f567479df6099242bbc08554cb02f32a86552e10056172044af930a66
SSDEEP

6144:tXouwY91LBWi9GhXGWB80yPQzmAiWeZAykHLzExTCLNmTYY8YbsKOSgJ/wWGw/K1:No091L4i9GhXGWB80yPQzmAiWeZAykH+

Score

10^/10

404keylogger collection credential_access discovery keylogger persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c51c39d848c20c850cfb0d3d46e3448d_JaffaCakes118.exe

Resource

win7-20240729-en

404keylogger collection credential_access discovery keylogger persistence stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

c51c39d848c20c850cfb0d3d46e3448d_JaffaCakes118.exe

Resource

win10v2004-20240802-en

404keylogger collection credential_access discovery keylogger persistence stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  c51c39d848c20c850cfb0d3d46e3448d_JaffaCakes118
- Size
  
  334KB
- MD5
  
  c51c39d848c20c850cfb0d3d46e3448d
- SHA1
  
  9b4e635287a558f208c26e060a512d8a484ddee3
- SHA256
  
  bd704ad7133204a735457cb398b9eb5fd7662050ae1fcd379674cc4b06a70665
- SHA512
  
  ec5b7bf4257cfe5fe85c08d272a8e40851d18e2b315b80be33396d4de16e96d4ae619b5f567479df6099242bbc08554cb02f32a86552e10056172044af930a66
- SSDEEP
  
  6144:tXouwY91LBWi9GhXGWB80yPQzmAiWeZAykHLzExTCLNmTYY8YbsKOSgJ/wWGw/K1:No091L4i9GhXGWB80yPQzmAiWeZAykH+
Score

10^/10

404keylogger collection credential_access discovery keylogger persistence stealer
- 404 Keylogger
  Information stealer and keylogger first seen in 2019.
  stealer keylogger 404keylogger
- 404 Keylogger Main Executable
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

404keyloggercollectioncredential_accessdiscoverykeyloggerpersistencestealer

behavioral2

404keyloggercollectioncredential_accessdiscoverykeyloggerpersistencestealer

© 2018-2024

Terms | Privacy