MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c59981f9303e35ffe5ba7e78234ee7ee0b76df49bf99249354053c932ff7d63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0c59981f9303e35ffe5ba7e78234ee7ee0b76df49bf99249354053c932ff7d63
SHA3-384 hash: 0feecbfd02058ffb9641beaecf5c4912bc76f8af57cdf27dd038aa31cf44ce5401b3d8bb084a65229aefe3a23983e5d5
SHA1 hash: ed1fcae8717342c7281b83d162b153470f9e4edd
MD5 hash: 13ff5f0e924e766356a6bbecb0979113
humanhash: zebra-seventeen-lemon-eighteen
File name:INVITATION TO TENDER NO MAT 021 PJTS 021 FOR THE PROVISION OF SUPPLY Instrument Bulk Material.exe.img
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:1'835'008 bytes
First seen:2021-07-07 12:26:34 UTC
Last seen:2021-07-08 05:31:47 UTC
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:YrOM/Ir8EEl2woqWBr04LZk4EicN5IvIK3i/P5N0biYuWOBfWlB:Sk8EE0hzwdHIAm05+biBBBE
TLSH B185AE7D70F28BD2EEABC77D5FB5751C6F6C6EAA90066E741C88716800E0B590A3142F
Reporter cocaman
Tags:img SnakeKeylogger


Avatar
cocaman
Malicious email (T1566.001)
From: "Mohamed , Eldaly <m.eldaly@petrozenima.com.eg>" (likely spoofed)
Received: "from petrozenima.com.eg (unknown [77.247.110.77]) "
Date: "7 Jul 2021 22:21:49 +0200"
Subject: "INVITATION TO TENDER NO MAT. 021/PJTS/2021 FOR THE PROVISION OF SUPPLY Instrument Bulk Material"
Attachment: "INVITATION TO TENDER NO MAT 021 PJTS 021 FOR THE PROVISION OF SUPPLY Instrument Bulk Material.exe.img"

Intelligence

File Origin
# of uploads :
4
# of downloads :
132
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.W32.MSIL_Kryptik.DLO-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0c59981f9303e35ffe5ba7e78234ee7ee0b76df49bf99249354053c932ff7d63/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-07-07 12:27:12 UTC
File Type:
Binary (Archive)
Extracted files:
30
AV detection:
13 of 28 (46.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=brmzqh4taprv77s3u7tyenhop3qlo3putp4zesjvibj4smx7pvrq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0c59981f9303e35ffe5ba7e78234ee7ee0b76df49bf99249354053c932ff7d63

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

img 0c59981f9303e35ffe5ba7e78234ee7ee0b76df49bf99249354053c932ff7d63

(this sample)

SnakeKeylogger

Executable exe 5c8974292a63e007d64fb43ffa31166c7ad3daeb7e08e7f9bab2f8e0e17b060c

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5c8974292a63e007d64fb43ffa31166c7ad3daeb7e08e7f9bab2f8e0e17b060c
  
Dropping
SnakeKeylogger

Comments