MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0054191bb943290daa62a316bb70797decb5065d37ff631ba789988f583cab8e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 4



SHA256 hash: 0054191bb943290daa62a316bb70797decb5065d37ff631ba789988f583cab8e
SHA3-384 hash: b55a0aa451b9a5df17e9f07b27789a2fd8fab298974edbe576a257f290e955fd11c98f0d1249bbe2482052746dc5bd15
SHA1 hash: 7288624f3babc1d2c6a0971e028477addac66e54
MD5 hash: 24e814c5756aabcb402b2754243c64d1
humanhash: mexico-potato-potato-leopard
File name: OVERVIEW .pdf.iso
Signature: SnakeKeylogger
File size: 923'648 bytes
First seen: 2021-04-07 06:00:46 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:embRtRNC32DnLLeVIcvOgz4jTDdXsnrd/JbMeZOkPeTdazdh8qtLKaa+sopucy1:embRkGDnHxcmZjndchBM3kyaiNc
TLSH: 2515D02233859F64F2BEA775A061413043F2BD47E376D64E7C9CB19D2A72BC1C262762
Reporter: abuse_ch
Tags: iso, SnakeKeylogger


abuse_ch
Malspam distributing unidentified malware:

HELO: cloudhost-75426.au-south-1.nxcli.net
Sending IP: 103.224.90.79
From: THUN YI CO.,LTD <thunyi@ms29.hinet.net>
Subject: 採購諮詢
Attachment: OVERVIEW .pdf.iso (contains "OVERVIEW .pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 124
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-04-07 06:01:25 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

iso 0054191bb943290daa62a316bb70797decb5065d37ff631ba789988f583cab8e (this sample)

Delivery method: Distributed via e-mail attachment
