MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d7a9298b83d805fa2540b085ac6c1c374251340ed76cf2661feb5b967cc7623. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0d7a9298b83d805fa2540b085ac6c1c374251340ed76cf2661feb5b967cc7623
SHA3-384 hash: 72240e8a613bd0defc04b856be898f812b061c6b1132685a2c8fd9b515d03ceb4af645d747fed102c6e75cd2fc326a6a
SHA1 hash: 9e767bc3c6f927b4c92104a13c604bdf947756ca
MD5 hash: 9174b9434f0c9ffa1922461cbe7bc1d8
humanhash: coffee-johnny-kentucky-july
File name:Quotation.gz
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:206'981 bytes
First seen:2021-07-06 07:52:05 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 3072:DkrKoPEKisPz7oLW271/SAjPYeCWuVLreJN+qO8HWzulwKpEHJiZnkmyi7yfi+sE:DkrcMz7SAI0draNDO8HWzuiKuJ+ryilE
TLSH E11412B8F28C695D341EE9B2E13601F9B52F5C1AF47834F4896DC254D35AA2482F7933
Reporter cocaman
Tags:gz SnakeKeylogger


Avatar
cocaman
Malicious email (T1566.001)
From: "Apex Enterprise ltd<julesendkate@gmail.com>" (likely spoofed)
Received: "from gmail.com (unknown [84.38.133.131]) "
Date: "06 Jul 2021 08:38:50 +0200"
Subject: "Re: Urgent Quotation Needed"
Attachment: "Quotation.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
158
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.21203.RarHeur.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0d7a9298b83d805fa2540b085ac6c1c374251340ed76cf2661feb5b967cc7623/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-07-06 07:52:20 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
10 of 46 (21.74%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bv5jfgfyhwaf7isubmefvrwbyn2cke2a5v3m6jtb7223sz6moyrq._file
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger keylogger spyware stealer
Link:
https://tria.ge/reports/210706-kt6adlrnja/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0d7a9298b83d805fa2540b085ac6c1c374251340ed76cf2661feb5b967cc7623

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

gz 0d7a9298b83d805fa2540b085ac6c1c374251340ed76cf2661feb5b967cc7623

(this sample)

SnakeKeylogger

Executable exe 31f6705688a80570935edc1587aef0b6fdd7828c704fdc6848ce6fb9844609b6

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 31f6705688a80570935edc1587aef0b6fdd7828c704fdc6848ce6fb9844609b6

Comments