MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 039c261036b80fd500607279933c43c4f1c78fdba1b54a9edbc8217df49ec154. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 14


Intelligence 14 IOCs YARA File information Comments
Add tag Delete this sample Report a False Positive

SHA256 hash: 039c261036b80fd500607279933c43c4f1c78fdba1b54a9edbc8217df49ec154
SHA3-384 hash: 56333701c1ac858dabf498de5b1a3a912168193ad8a2e2b75e386806fad29b76313951bfdd88eee83b24551efec8e72f
SHA1 hash: b11ff0b977b16863c34dc35126f1d3d13ab5cc4f
MD5 hash: 5ca02369b45067fe039314f38b286767
humanhash: yellow-fifteen-ohio-pizza
File name:039c261036b80fd500607279933c43c4f1c78fdba1b54a9edbc8217df49ec154.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:481'280 bytes
First seen:2022-04-25 05:21:35 UTC
Last seen:2022-04-25 05:30:00 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (29'903 x AgentTesla, 9'527 x Formbook, 4'668 x SnakeKeylogger)
ssdeep 12288:eR3E3HDei3oXA2jCXgXLz/HQOqzjW/NP:eRU3Hq6oXA2jBXHnqzjG
Threatray 2'756 similar samples on MalwareBazaar
TLSH T17CA4E02D37E88900E2BED9B225B14011C7B9A802195FEE0D57D2F42D3E3D6948E5AFD7
Reporter @xme
Tags:exe sansisc SnakeKeylogger

Intelligence

File Origin
# of uploads :
2
# of downloads :
238
Origin country :
BE BE
Mail intelligence
No data
Vendor Threat Intelligence
Detection:
Snake
Create hunting rule
Link:
https://www.capesandbox.com/analysis/266224/
Detection(s):
ditekSHen.MALWARE.Win.Trojan.SnakeKeylogger.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Searching for synchronization primitives
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Reading critical registry keys
Launching the process to change network settings
Creating a window
Setting a global event handler for the keyboard
Forced shutdown of a browser
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-vm cmd.exe control.exe evasive hacktool netsh.exe obfuscated packed replace.exe stealer stealer
Link:
https://www.filescan.io/uploads/62663037de94014db6253fab/reports/23fa3522-1fe7-4507-944f-85aabe684030/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/982196
Signature
.NET source code references suspicious native API functions
Antivirus / Scanner detection for submitted sample
Contains functionality to capture screen (.Net source)
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Snake Keylogger
Yara detected Telegram RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
snakekeylogger
Create hunting rule
Link:
https://mwdb.cert.pl/sample/039c261036b80fd500607279933c43c4f1c78fdba1b54a9edbc8217df49ec154/
Threat name:
ByteCode-MSIL.Infostealer.Mintluks
Create hunting rule
Status:
Malicious
First seen:
2022-04-25 05:22:07 UTC
File Type:
PE (.Net Exe)
Extracted files:
2
AV detection:
24 of 26 (92.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://www.spamhaus.org/query/hash/aoocmebwxah5kadaoj4zgpcdyty4pd63ug2uvhw3zaqx35e6yfka._file
Verdict:
malicious
Similar samples:
14044d11ed463dbd54f373bb665d89ce058ab1d05709132a1d1bd3ae3ce9501e
SnakeKeylogger
2c0096a156e0e652f2a5e45df812b92554b4ecda252d634daa9b13c69ced3c20
SnakeKeylogger
8c6f84113616b1af6dc8e1a8aaa38108aec5c9b2e5862a9c17ca609cdf51e5e5
SnakeKeylogger
8d583ca6c10494ab0e0f8375d65e5f1f999c8ddfeab0bf4b7aa4e19bef9f0873
SnakeKeylogger
be67149051cd685b5aa56bdbee718412157f65ff953ae7261dfa9fedfdd3e08c
SnakeKeylogger
c586cdae80de6a25dc94c91083dc6468b282767f522d49496f01d6e07e3b7ab0
SnakeKeylogger
eecb2904ac3b26aa730dc310741832f18a241754357cbd222b0497e414088a8f
SnakeKeylogger
+ 2'746 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger collection spyware stealer
Link:
https://tria.ge/reports/220425-f2j7fsbde8/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Drops file in Windows directory
Accesses Microsoft Outlook profiles
Drops desktop.ini file(s)
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
039c261036b80fd500607279933c43c4f1c78fdba1b54a9edbc8217df49ec154
MD5 hash:
5ca02369b45067fe039314f38b286767
SHA1 hash:
b11ff0b977b16863c34dc35126f1d3d13ab5cc4f
Link:
https://www.unpac.me/results/42f2ff41-9431-49d2-ae19-ddd6f239977e/
Malware family:
SnakeKeylogger
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/039c261036b8/report/overview.html
AV coverage:
59.42%
AV detections:
41 / 69
Link:
https://www.virustotal.com/gui/file/039c261036b80fd500607279933c43c4f1c78fdba1b54a9edbc8217df49ec154/detection/f-039c261036b80fd500607279933c43c4f1c78fdba1b54a9edbc8217df49ec154-1650865300
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/039c261036b80fd500607279933c43c4f1c78fdba1b54a9edbc8217df49ec154

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/266224/

Comments