MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 06d932e13bb45761a61ae724efb9a792ebbc7037064745013a947ad119d261af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 5


Intelligence 5 IOCs YARA 10 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 06d932e13bb45761a61ae724efb9a792ebbc7037064745013a947ad119d261af
SHA3-384 hash: 63571a142b8b3436e7b416923715ba5bb78cfd4a4ee5fd6a521fc15b3abcaaa86d8443912ce65b59815735779726fb22
SHA1 hash: 9569c782557fc618118cc9616a473c9c142476c1
MD5 hash: 369bf6c299a3f847d1734da9c3613e25
humanhash: quebec-burger-beryllium-ack
File name:Yêu cầu thanh toán đầu tiên CHI TIẾT NGÂN HÀNG MỚI.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:466'463 bytes
First seen:2021-09-21 01:51:49 UTC
Last seen:2021-09-21 03:09:25 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b76363e9cb88bf9390860da8e50999d2 (464 x Formbook, 184 x AgentTesla, 122 x SnakeKeylogger)
ssdeep 6144:L8LxBrPmacccbTCcC+B3y/hdTtFm3ZjcrrXcrlzcto0qc/PUI/4h52C5tZx1s2oD:5C+BC/uKcrBcto9Elwh52gq23dfi2l0
Threatray 1'053 similar samples on MalwareBazaar
TLSH T121A4D0120F490DB7E82C46B3A47760BB4AF2AD73977095974BAEB73B0830606552FCB5
File icon (PE):PE icon
dhash icon cecef0d4d4e8b28e (1 x SnakeKeylogger)
Reporter GovCERT_CH
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
2
# of downloads :
133
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Yêu cầu thanh toán đầu tiên CHI TIẾT NGÂN HÀNG MỚI.exe
Verdict:
No threats detected
Analysis date:
2021-09-21 01:56:46 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2db4c0df-82f5-4a16-aefb-c93b0440a5de

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.DeepScan.Generic.Ransom.CloudSword.8FC3BBBA.2675.7467.UNOFFICIAL
Create hunting rule

Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/6cc86e6c-dc8c-41ae-b4cc-c9d6fc8e46c5
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/854511
Signature
.NET source code references suspicious native API functions
Contains functionality to capture screen (.Net source)
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
May check the online IP address of the machine
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Writes to foreign memory regions
Yara detected Snake Keylogger
Yara detected Telegram RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/06d932e13bb45761a61ae724efb9a792ebbc7037064745013a947ad119d261af/
Threat name:
Win32.Ransomware.CloudSword
Create hunting rule
Status:
Malicious
First seen:
2021-09-21 01:52:06 UTC
AV detection:
5 of 45 (11.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=a3mtfyj3wrlwdjq244so7onhslv3y4bxazdukaj2sr5ncgosmgxq._file
Verdict:
malicious
Similar samples:
04514f416ce1d3bb390895ce496d91b024c3bd94cc3cb71ab6de2bcdb384e83a
SnakeKeylogger
28d365d0bf668ea41521237a106c5ad34b280ec1cbfc2b6a5d39ec82b72e3d2f
SnakeKeylogger
3087b4544d6819908609fd3153790ba7c7f4a7afe6c473d95576591f74357778
SnakeKeylogger
8072ca29a8527b0b1c1fa59ca07d85da4ce692ba73cc0471c73b47d08f839845
SnakeKeylogger
9cd3ef368ba18453043dc339a7666db5636655c58168ec64b59230be8635d741
SnakeKeylogger
a4b233fc40d4dc87b1b0083d75934909ec0fab27bc718a83428f679747128c1f
SnakeKeylogger
a883f34db93775194950d1e84662fd150b16e0a3f28a007f44eae8447a6bf93a
SnakeKeylogger
b5d12830a95c77f889e84fe1f3997a931cb68f38c5e34da1fd8fb8f8438a26fd
SnakeKeylogger
bebfac3941c07e388fb1af12aa627d248d2dc29b0deead22f229d48681df4af6
SnakeKeylogger
dc7749ab9753ec5962ae6b0b4f1ec32c7b2bb7da1b75510a1cccc440994e6deb
SnakeKeylogger
+ 1'043 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210921-caeacaadcr/
Behaviour
Enumerates physical storage devices
Unpacked files
SH256 hash:
241e39beb2f7efc9dec2997fc59f1d7348502b4d9e2fd90b383134b14b162bab
MD5 hash:
731b9d23b24fb78582dcfb6f6f224d34
SHA1 hash:
098a1daba8ddb18eb9411030bef0b4821676198a
Link:
https://www.unpac.me/results/007a1503-b901-470e-876e-51501ab95761/
SH256 hash:
2581368ee2c968f1b3e862e66226b4b760d0d88f99fed5de76cb3c308a441e24
MD5 hash:
846ceab037d6e8d0395c722cba7d2164
SHA1 hash:
794b37b9b955b37072f0b21ed9afdc5254968da8
Link:
https://www.unpac.me/results/007a1503-b901-470e-876e-51501ab95761/
SH256 hash:
06d932e13bb45761a61ae724efb9a792ebbc7037064745013a947ad119d261af
MD5 hash:
369bf6c299a3f847d1734da9c3613e25
SHA1 hash:
9569c782557fc618118cc9616a473c9c142476c1
Link:
https://www.unpac.me/results/007a1503-b901-470e-876e-51501ab95761/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.47
Link:
https://yomi.yoroi.company/submissions/06d932e13bb45761a61ae724efb9a792ebbc7037064745013a947ad119d261af

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
Author:ditekSHen
Description:Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Rule name:INDICATOR_SUSPICIOUS_EXE_DotNetProcHook
Create hunting rule
Author:ditekSHen
Description:Detects executables with potential process hoocking
Rule name:INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:INDICATOR_SUSPICIOUS_EXE_TelegramChatBot
Create hunting rule
Author:ditekSHen
Description:Detects executables using Telegram Chat Bot
Rule name:MALWARE_Win_SnakeKeylogger
Create hunting rule
Author:ditekSHen
Description:Detects Snake Keylogger
Rule name:MAL_Envrial_Jan18_1
Create hunting rule
Author:Florian Roth
Description:Detects Encrial credential stealer malware
Reference:https://twitter.com/malwrhunterteam/status/953313514629853184
Rule name:MAL_Envrial_Jan18_1_RID2D8C
Create hunting rule
Author:Florian Roth
Description:Detects Encrial credential stealer malware
Reference:https://twitter.com/malwrhunterteam/status/953313514629853184
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Telegram_Exfiltration_Via_Api
Create hunting rule
Author:lsepaolo

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

Executable exe 06d932e13bb45761a61ae724efb9a792ebbc7037064745013a947ad119d261af

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments