MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0bbc06390e3dfc9e44bda66fbc1e08ef13cf3d0b0b49ae4e72305a840a352511. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0bbc06390e3dfc9e44bda66fbc1e08ef13cf3d0b0b49ae4e72305a840a352511
SHA3-384 hash: 4f48fa4fb5595a218d09e2023552530c115ee05395f1a19a14c345f801bdfb17dab7e69b88e44f87641c7ef66799ffab
SHA1 hash: 40f1308a87fca711b6aef961dfb8fe753dd20960
MD5 hash: 39ae9cdb090b0983c5577e095e489236
humanhash: tango-lake-fix-nebraska
File name:P.O. 110689-08-2021,pdf.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:249'974 bytes
First seen:2021-08-09 05:11:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ca24a8fe7300d3915643d0e4fbc5d1cd (5 x Loki, 4 x Formbook, 2 x SnakeKeylogger)
ssdeep 6144:z+CO3hsaqyAzPb/NOAEs6PWmMhbvTAlC37o6o:ExNtA/NVEVPWmMh9Lo6o
Threatray 622 similar samples on MalwareBazaar
TLSH T16E3402B3BC67085BD93710B98633CEEB85281D26036536C733577E0BAA752A235351EB
dhash icon 851a98b4909864c4 (58 x AgentTesla, 43 x Formbook, 34 x RedLineStealer)
Reporter abuse_ch
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
122
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
P.O. 110689-08-2021,pdf.exe
Verdict:
Malicious activity
Analysis date:
2021-08-09 05:28:17 UTC
Tags:
evasion trojan snakekeylogger keylogger
Link:
https://app.any.run/tasks/011f8371-324c-4fc9-92cd-8010175272e9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/177376/
Detection(s):
SecuriteInfo.com.Trojan.Inject4.15268.249.4351.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
DNS request
Connection attempt
Sending an HTTP GET request
Sending a custom TCP request
Reading critical registry keys
Launching the process to change network settings
Creating a window
Sending a UDP request
Unauthorized injection to a system process
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Snake Keylogger
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/0d19829e-9e60-4fcc-949e-2a2a26ad7a50
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
spre.troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/829145
Signature
.NET source code references suspicious native API functions
Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Sigma detected: Capture Wi-Fi password
Sigma detected: MSBuild connects to smtp port
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal WLAN passwords
Tries to steal Mail credentials (via file access)
Uses netsh to modify the Windows network and firewall settings
Writes to foreign memory regions
Yara detected Snake Keylogger
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0bbc06390e3dfc9e44bda66fbc1e08ef13cf3d0b0b49ae4e72305a840a352511/
Threat name:
Win32.Trojan.Woreflint
Create hunting rule
Status:
Malicious
First seen:
2021-08-09 01:51:54 UTC
AV detection:
12 of 46 (26.09%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bo6amoiohx6j4rf5uzx3yhqi54j46pilbne24ttsgbniicrveuiq._file
Verdict:
malicious
Similar samples:
02b4c197d19e5147aa7e958b8d364936fcbf4f2a09ea7fc0773d417a6f9ac9c4
SnakeKeylogger
0ff8a0051138905969d6c762ab6bfb707348312de90884d4647c4168a501edbc
SnakeKeylogger
2e826b4ff8b272db629c4983e9edd53656cc4a2e9d24178ebd2b6a8890d1e864
SnakeKeylogger
44b5209fadd63026c1f4c7f1d1a6b9f49aa76f8597579773a0bc0010bada5853
SnakeKeylogger
7010546f9366fc5ff5ec208985159b5aeddc897e3dd0f811a6835c5debd96d55
SnakeKeylogger
9f4b51cee424229e92578fad70eb45c09b6bd101f326d6e41852756e473f7747
SnakeKeylogger
dda39c591898a0ba4531e89cd697021803df43cbe038570e2a5657f8a3400a02
SnakeKeylogger
e47294fb83f7abeec9f8e81cf403f70a35c3422252ea3e818066426fc75c5b6e
SnakeKeylogger
ec86c4d1a1d0390b9c161f21933953d99e1f03ea5722e1c4fa4c758c117b6bd1
SnakeKeylogger
+ 612 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger keylogger stealer
Link:
https://tria.ge/reports/210809-r593ebk63n/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Snake Keylogger
Unpacked files
SH256 hash:
38fef5e3212282d1e2d3fe86d1af0ea3d2b9e668dfe0489063ddabfb74d61d48
MD5 hash:
ece7b74a3914f671d09c0292f625dcd2
SHA1 hash:
82928928c22ecf2dbdca6d54314de14ac863d962
Link:
https://www.unpac.me/results/0416dfc2-359f-4cac-aff3-2e343f8f8888/
SH256 hash:
0bbc06390e3dfc9e44bda66fbc1e08ef13cf3d0b0b49ae4e72305a840a352511
MD5 hash:
39ae9cdb090b0983c5577e095e489236
SHA1 hash:
40f1308a87fca711b6aef961dfb8fe753dd20960
Link:
https://www.unpac.me/results/0416dfc2-359f-4cac-aff3-2e343f8f8888/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/0bbc06390e3d/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.13
Link:
https://yomi.yoroi.company/submissions/0bbc06390e3dfc9e44bda66fbc1e08ef13cf3d0b0b49ae4e72305a840a352511

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/177376/

Comments