MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 03b5f9740ffbcbfb6f889210e96b578868034d8355ce1fd4e84e93ad1f757d3b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 03b5f9740ffbcbfb6f889210e96b578868034d8355ce1fd4e84e93ad1f757d3b
SHA3-384 hash: 11fddf991c47bd37c05a572d034629b966424994684b1aaf4e9e5ef7325133c69e0849623c2f503e9c94bdee59db2397
SHA1 hash: ac57853a1ef0ca096fa36be51a74650840260a69
MD5 hash: eca602e48415f0a63555b09ea584981e
humanhash: zulu-east-william-purple
File name:ING BANK_RO0198453_PDF.rar
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:574'342 bytes
First seen:2021-02-10 07:26:46 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:1WsDpAPmg69N6x33HplbSTAacGeksrFFyFtJUOR4b7c+QvRj7:YsDpDax33pxLkeksrFFC2ncZp7
TLSH 2DC423D82259381DC952AEBF67BE132491AF8754CC0452DB9037F69C802B67C7B06F6E
Reporter abuse_ch
Tags:geo ING rar ROU SnakeKeylogger


Avatar
abuse_ch
Malspam distributing SnakeKeylogger:

HELO: centoswp.internew.gr
Sending IP: 185.78.221.121
From: ING Bank <noreply_payment.confirmation@ing.ro>
Reply-To: result.box2019@mail.com
Subject: Tranzacție_ finalizată prin ING Bank_RO0198456
Attachment: ING BANK_RO0198453_PDF.rar (contains "ING BANK_RO0198453.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/03b5f9740ffbcbfb6f889210e96b578868034d8355ce1fd4e84e93ad1f757d3b/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ao27s5ap7pf7w34isiios22xrbuagtmdkxhb7vhij2j22h3vpu5q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/03b5f9740ffbcbfb6f889210e96b578868034d8355ce1fd4e84e93ad1f757d3b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

rar 03b5f9740ffbcbfb6f889210e96b578868034d8355ce1fd4e84e93ad1f757d3b

(this sample)

SnakeKeylogger

Executable exe 640317fbdeabebaec309917e29d48dd89725afd6cb0943b6a1a0d192767c63c5

  
Dropping
MD5 b555ec21f7a394d02f4151900d2d2986
  
Dropping
SnakeKeylogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 640317fbdeabebaec309917e29d48dd89725afd6cb0943b6a1a0d192767c63c5

Comments