MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c5c30aa2e42304d2acf089967e6f4c8f892160faa9a0fb850d28cb6a5083a02. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0c5c30aa2e42304d2acf089967e6f4c8f892160faa9a0fb850d28cb6a5083a02
SHA3-384 hash: 71d565507fe3a2c33f3794d8f87e28a1dde759ec76383d5dd6e21cc2936ce94bba127fd0ba330643dc00051b9429b71e
SHA1 hash: e6b206ff09e45d0f523096f194e61b04773fe894
MD5 hash: 980cbd4340f7a055c5d0693ec3429446
humanhash: tennessee-sixteen-white-crazy
File name:DHL Shipment Notification 49833912.pdf.iso
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:923'648 bytes
First seen:2021-02-25 14:19:08 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:3GiE9tcET11hN1+HtDrkQh9O5kCNKzHcgSRAVvyWxC/nf:kf7+HtDl45kC8JZyWxCv
TLSH A1157B3832F51312C4B843F613D0D12417E11F6DEE9AD70ADEB925DA7722FC52A85A1B
Reporter abuse_ch
Tags:DHL iso SnakeKeylogger


Avatar
abuse_ch
Malspam distributing SnakeKeylogger:

HELO: cloudhost-2290780.us-midwest-1.nxcli.net
Sending IP: 8.36.41.54
From: DHL Express Cargo <delivery@dhl.com>
Subject: DHL Shipment Notification :49833933
Attachment: DHL Shipment Notification 49833912.pdf.iso (contains "DHL Shipment Notification 49833912.pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
160
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_badexts64.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0c5c30aa2e42304d2acf089967e6f4c8f892160faa9a0fb850d28cb6a5083a02/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-02-25 14:20:11 UTC
AV detection:
12 of 47 (25.53%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=brodbkroiiye2kwpbcmwpzxuzd4jefqpvkna7ocq2kglnjiihiba._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

iso 0c5c30aa2e42304d2acf089967e6f4c8f892160faa9a0fb850d28cb6a5083a02

(this sample)

SnakeKeylogger

Executable exe b26b60c978fe685e3c8ef7414059b5a82f1106dab094414af4b4fdab6d478c33

  
Dropping
MD5 4c6a84e828d436528db7e30255a1aa46
  
Dropping
SnakeKeylogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b26b60c978fe685e3c8ef7414059b5a82f1106dab094414af4b4fdab6d478c33

Comments