MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 02ceb2e9e9b81072a4ddffbb6a931f8c6efa799c140657455441782f0dd339b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 02ceb2e9e9b81072a4ddffbb6a931f8c6efa799c140657455441782f0dd339b5
SHA3-384 hash: 09ecd19c29eeeca10ce285b7634b03a2b850b9effec2b4a80c372b7164981927b89c608ce6416c729e8c410bb8e50d05
SHA1 hash: 3ef782bd122ab87ea3ec5515f326455dc2d9b024
MD5 hash: bc7bf29b58d8e85aee6d5991683d627b
humanhash: one-grey-kilo-bacon
File name:Purchase Order E3007921.iso
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:94'208 bytes
First seen:2021-05-11 12:25:45 UTC
Last seen:2021-05-11 13:06:14 UTC
File type: iso
MIME type:application/x-iso9660-image
ssdeep 192:yxOefhMB9Viq8E/DO7EB7p+N7sHw7P+zwTZOjAn96M:oJf2X18ka7EB72uW+zwTZOjAn9
TLSH F0937118BF8A42BBCCB94FB419B263424A37F9A668F29A0F35EC0509DF572835D03754
Reporter cocaman
Tags:iso SnakeKeylogger


Avatar
cocaman
Malicious email (T1566.001)
From: "=?UTF-8?Q?Ji=C5=99=C3=AD_N=C4=9Bmec?= <info@crescogroup.org>" (likely spoofed)
Received: "from vxct13014.avnam.net (vxct13014.avnam.net [181.119.65.95]) "
Date: "Tue, 11 May 2021 12:00:04 +0100"
Subject: "Purchase Order E30079/21"
Attachment: "Purchase Order E3007921.iso"

Intelligence

File Origin
# of uploads :
2
# of downloads :
126
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_fs1146.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.MSIL.TrojanDownloader.Agent.HUF.23575.2830.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/02ceb2e9e9b81072a4ddffbb6a931f8c6efa799c140657455441782f0dd339b5/
Threat name:
ByteCode-MSIL.Infostealer.Stelega
Create hunting rule
Status:
Malicious
First seen:
2021-05-11 12:26:15 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
7 of 47 (14.89%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=alhlf2pjxaihfjg5765wvey7rrxpu6m4cqdforkuif4c6dothg2q._file
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger keylogger spyware stealer
Link:
https://tria.ge/reports/210511-ff6edab65e/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Snake Keylogger
Snake Keylogger Payload
Malware Config
C2 Extraction:
https://api.telegram.org/bot1791466927:AAHD_mKnN05jD74hk8VEfBe-NORCSbM6oaM/sendMessage?chat_id=1413771094
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/02ceb2e9e9b81072a4ddffbb6a931f8c6efa799c140657455441782f0dd339b5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

iso 02ceb2e9e9b81072a4ddffbb6a931f8c6efa799c140657455441782f0dd339b5

(this sample)

SnakeKeylogger

Executable exe 9af68d42d1d36c20d81306679715a6f7e3d427d8c039344653f4ec6b43cd7ac5

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9af68d42d1d36c20d81306679715a6f7e3d427d8c039344653f4ec6b43cd7ac5
  
Dropping
SnakeKeylogger

Comments