MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b52a436be7ffaf4bb5de54eb4dce46eec746e992cbe3ab50ce23a24a0d594fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0b52a436be7ffaf4bb5de54eb4dce46eec746e992cbe3ab50ce23a24a0d594fb
SHA3-384 hash: 256bf1ef0ea404b4e5ac2b219510ba7e34529fe3e0b7355bbd255d55b26232e5e7726a69e3acf2b73dd3844cc76e2350
SHA1 hash: f054ead03ac9f5be12bfefa06ebe78f76e9753f0
MD5 hash: 2bf0598d488bd9ce8b1a657adb011740
humanhash: alpha-pip-king-vegan
File name:CT-0000337_PROTECH DEL PEREU SAC.cab
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:753'839 bytes
First seen:2021-02-09 06:36:47 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 12288:xA7xspubBScqFM2Rx+2Ak9GDY0Lei7FopKVlTiHy6hjBQ+EmpGrR6k7paMXISBCQ:xGFMXxb+2GD/LH7FoqlTiS6h5Bir8MH7
TLSH 46F433107937E2CAFE9A1E69533D87398F6DA50B9D548130128F63BAAC19F490DF7E40
Reporter abuse_ch
Tags:cab Hostwinds SnakeKeylogger


Avatar
abuse_ch
Malspam distributing SnakeKeylogger:

HELO: hwsrv-831733.hostwindsdns.com
Sending IP: 104.168.203.143
From: Ericka Marquez <pvr@gardenwoaltd.pw>
Reply-To: ap@rtisafeco.pw
Subject: SOLICITUD DE COTIZACION
Attachment: CT-0000337_PROTECH DEL PEREU SAC.cab (contains "CT-0000337_PROTECH DEL PEREU SAC.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
115
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.36317270.29291.1506.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0b52a436be7ffaf4bb5de54eb4dce46eec746e992cbe3ab50ce23a24a0d594fb/
Threat name:
ByteCode-MSIL.Trojan.Snakekeylogger
Create hunting rule
Status:
Malicious
First seen:
2021-02-09 01:48:32 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bnjkinv6p75pjo254vhljxhen3whi3uzfs7dvnim4i5cjigvst5q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0b52a436be7ffaf4bb5de54eb4dce46eec746e992cbe3ab50ce23a24a0d594fb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

cab 0b52a436be7ffaf4bb5de54eb4dce46eec746e992cbe3ab50ce23a24a0d594fb

(this sample)

SnakeKeylogger

Executable exe 5fdb400a330648b46c606f21433a20da8e5c7d51c6739d47ca8e23bc7182a475

  
Dropping
MD5 8411d4d30daaa54c02ed198eb40f2982
  
Dropping
SnakeKeylogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5fdb400a330648b46c606f21433a20da8e5c7d51c6739d47ca8e23bc7182a475

Comments