404keylogger | 55ab05e1697ce4d0f3a90ccb74c8af6c484d91d1dfd69f1509aa8b2e4aa61036 | Triage

Submit
Reports

Overview

overview

Static

static

5

d065412f70...18.exe

windows7-x64

d065412f70...18.exe

windows10-2004-x64

Sharing

General

Target

d065412f7009c7503dd316f39421237a_JaffaCakes118
Size

1.1MB
Sample

240906-y8zjtswhka
MD5

d065412f7009c7503dd316f39421237a
SHA1

7bfc3beb5a530ecfb21b87fb74a97b5ca9d19da9
SHA256

55ab05e1697ce4d0f3a90ccb74c8af6c484d91d1dfd69f1509aa8b2e4aa61036
SHA512

398fdc3680aa5fdf784d2e593ca041b7d5547df3a5825b88eba85da8a94c995cc76b0bdc5521b79e43764e9f47c8df9edca703b513f32fee3b75704b78a5325b
SSDEEP

24576:uu6Jx3O0c+JY5UZ+XC0kGso/Waw4SWH4InMUyKWY:gI0c++OCvkGsUWaw4qY

Score

10^/10

404keylogger collection credential_access discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d065412f7009c7503dd316f39421237a_JaffaCakes118.exe

Resource

win7-20240903-en

404keylogger collection credential_access discovery keylogger stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

d065412f7009c7503dd316f39421237a_JaffaCakes118.exe

Resource

win10v2004-20240802-en

404keylogger collection credential_access discovery keylogger stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  d065412f7009c7503dd316f39421237a_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  d065412f7009c7503dd316f39421237a
- SHA1
  
  7bfc3beb5a530ecfb21b87fb74a97b5ca9d19da9
- SHA256
  
  55ab05e1697ce4d0f3a90ccb74c8af6c484d91d1dfd69f1509aa8b2e4aa61036
- SHA512
  
  398fdc3680aa5fdf784d2e593ca041b7d5547df3a5825b88eba85da8a94c995cc76b0bdc5521b79e43764e9f47c8df9edca703b513f32fee3b75704b78a5325b
- SSDEEP
  
  24576:uu6Jx3O0c+JY5UZ+XC0kGso/Waw4SWH4InMUyKWY:gI0c++OCvkGsUWaw4qY
Score

10^/10

404keylogger collection credential_access discovery keylogger stealer
- 404 Keylogger
  Information stealer and keylogger first seen in 2019.
  stealer keylogger 404keylogger
- 404 Keylogger Main Executable
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

404keyloggercollectioncredential_accessdiscoverykeyloggerstealer

behavioral2

404keyloggercollectioncredential_accessdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy