MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 22f5c680762474a8a17b563032c1b94d59d1b83a1b7bf554ed30d2ddf3463df0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 5



SHA256 hash: 22f5c680762474a8a17b563032c1b94d59d1b83a1b7bf554ed30d2ddf3463df0
SHA3-384 hash: 22f9778a5e0e20a053611e6faa528e62f029b7e6c7c42d6c8c3542999d901d935fa9ca701f8ce3349e9e1c8d4ad9e3ef
SHA1 hash: e310faf7aa1a45f3e0a05bb831b59a5d4d05557e
MD5 hash: bb81bb161969c0a2115d7d085e9a93e0
humanhash: carbon-robin-snake-oxygen
File name: DHL contact form.xxe
Signature: SnakeKeylogger
File size: 517'716 bytes
First seen: 2021-02-23 07:19:20 UTC
Last seen: Never
File type:
MIME type: application/x-7z-compressed
ssdeep: 12288:zzq4bFHLYwJNjKGcclhkp/0yAu6wafxpV/gnjmmCY:zzBpKGc0qpsyAWafxpV/gjBCY
TLSH: 1AB423A9A355CA5BBA19B058E18E257D3ACC8D97F47CBD8BC9631DC20A0F02590F0D7D
Reporter: @abuse_ch
Tags: DHL, SnakeKeylogger, Xxe


Twitter
@abuse_ch
Malspam distributing unidentified malware:

HELO: upbeat-moser.91-92-128-140.plesk.page
Sending IP: 91.92.128.140
From: DHL <dhl@dhl.com>
Subject: DHL Waybill Number 5901370451
Attachment: DHL contact form.xxe (contains "v2.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: FR

Mail intelligence
Geo location: IT Italy
Volume: Low
Geo location: Global
Volume: Low

Vendor Threat Intelligence

Result
Verdict: UNKNOWN
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-02-23 07:20:10 UTC
AV detection: 6 of 47 (12.77%)
Threat level: 5/5

Threat name: Kryptik
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via e-mail attachment
