MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 024a42ca971cc3063382798a538a39510baa01bc1c45b2ae2cb4526da55e5560. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
SnakeKeylogger
Vendor detections: 15
| SHA256 hash: | 024a42ca971cc3063382798a538a39510baa01bc1c45b2ae2cb4526da55e5560 |
|---|---|
| SHA3-384 hash: | 6653c0c20bd8d0727d50fbf15e5e52b693d584115ff1712d6ae881de18e22b78acd2ea35993cdc9a68b47b20dc68102a |
| SHA1 hash: | f9a889409ed5672a484954b69b71d59903184607 |
| MD5 hash: | 3562df3551e776e3dd6dd761dc71649b |
| humanhash: | missouri-whiskey-happy-jersey |
| File name: | INQUIRY NO. CI101-9006.exe |
| Download: | download sample |
| Signature | SnakeKeylogger |
| File size: | 1'021'952 bytes |
| First seen: | 2022-09-21 13:15:42 UTC |
| Last seen: | 2022-09-28 07:17:54 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger) |
| ssdeep | 12288:2fOBqbvuNZIIT7DF36il6OISEflLNJ6C7pslj:2yD3HB9UOIhdpJ |
| Threatray | 4'236 similar samples on MalwareBazaar |
| TLSH | T12D259E3167EA9E03E26A57B5C0D0D43087B76D06E126C64B1FC61CDF7232BE69A81727 |
| TrID | 72.5% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 10.4% (.EXE) Win64 Executable (generic) (10523/12/4) 6.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.4% (.EXE) Win32 Executable (generic) (4505/5/1) 2.0% (.EXE) OS/2 Executable (generic) (2029/13) |
| File icon (PE): |  |
| dhash icon | f72e98b1b9dccecf (17 x AgentTesla, 16 x SnakeKeylogger, 3 x Formbook) |
| Reporter |  abuse_ch |
| Tags: | exe SnakeKeylogger |
Intelligence
File Origin
# of uploads :
5
# of downloads :
275
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
INQUIRY NO. CI101-9006.exe
Verdict:
Malicious activity
Analysis date:
2022-09-21 09:15:10 UTC
Tags:
evasion trojan snake
Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Snake
Detection(s):
Result
Verdict:
Malware
Maliciousness:
Behaviour
Searching for the window
Creating a window
Verdict:
Likely Malicious
Threat level:
7.5/10
Confidence:
75%
Tags:
anti-vm packed
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Verdict:
Malicious
Result
Threat name:
Snake Keylogger
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Signature
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Yara detected AntiVM3
Yara detected Generic Downloader
Yara detected Snake Keylogger
Yara detected Telegram RAT
Behaviour
Behavior Graph:
Threat name:
ByteCode-MSIL.Trojan.SnakeKeylogger
Status:
Malicious
First seen:
2022-09-21 09:52:29 UTC
File Type:
PE (.Net Exe)
Extracted files:
28
AV detection:
21 of 26 (80.77%)
Threat level:
5/5
Detection(s):
Suspicious file
Verdict:
malicious
Similar samples:
+ 4'226 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Score:
10/10
Tags:
family:snakekeylogger collection keylogger spyware stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger payload
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Unpacked files
SH256 hash:
49bdf1ed18d453e600a6c7301f1b061f10287420791b8b9feb0369e9dda02f6e
MD5 hash:
3ffbc0acbbb9980bff34a8d6ab1218a6
SHA1 hash:
dbe6a122a17fb0dd8a2953c1e41d12f04520bfd5
SH256 hash:
70dfa4c873605ab0fcdcb62be2a970da110535280d8dc88261edbe1ed2865307
MD5 hash:
d5b0f8aff064b3e828421b48efccd312
SHA1 hash:
724f4bc7ab4e08c45562748b739c8f7496a5ad8f
SH256 hash:
b96e4b6666a4d5fcebec77a0741d29599c059fe75ba27a495c89fed05bce7076
MD5 hash:
d9615454266386dc9be386a2afd374ab
SHA1 hash:
40e9d44d28038ee9a4e3d66b190043b0ec992b11
SH256 hash:
db4bda811167cce5782202cdd6f69875d9e191a426b8d203d97803783a733c06
MD5 hash:
239d0a2752edb8594f67de8326485d26
SHA1 hash:
198f1de6dae4541edf333656f70bfe884f6202bc
Detections:
snake_keylogger
SH256 hash:
532dd2319fe4b024db5176077fefbf8b9742e73f041d8d662a3d94a0469224ab
MD5 hash:
69fb7656397a51b1adb35d2955800c22
SHA1 hash:
16010d3104b73bf6ddde77e01c550b23fb84e1d1
SH256 hash:
024a42ca971cc3063382798a538a39510baa01bc1c45b2ae2cb4526da55e5560
MD5 hash:
3562df3551e776e3dd6dd761dc71649b
SHA1 hash:
f9a889409ed5672a484954b69b71d59903184607
Malware family:
SnakeKeylogger
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.