MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 116dd2755c6f55bfaea522b8435c3651d5c06afa5af77d3fb79ed99f804fb14a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 12


Intelligence 12 IOCs YARA 10 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 116dd2755c6f55bfaea522b8435c3651d5c06afa5af77d3fb79ed99f804fb14a
SHA3-384 hash: d92a84592ddaa3e0cc9e5c5e78e15ad10d96d3ce2ee39b8b9d6b781fe74f2be7c729856824075fd9941172a5c12760f1
SHA1 hash: 9babd160a1e878b48322141a639338e823ac6b2a
MD5 hash: d387b31f1291506b660276e345f83a88
humanhash: alanine-utah-jig-hawaii
File name:prosecure_Ms-Document.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:367'616 bytes
First seen:2022-01-28 20:47:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 6144:JtvJ/xaXxVQeeTkbRFUvKTvF/mSi/0Xvg03iX:LFxSDQexLUvKR//i/0XvgOi
Threatray 3'372 similar samples on MalwareBazaar
TLSH T1BF74F1252666F5A2DD0A0FB19551C3316128BDD06CD7A97B23D47CDF3273A00CB94EBA
File icon (PE):PE icon
dhash icon 0000000000000000 (872 x AgentTesla, 496 x Formbook, 296 x RedLineStealer)
Reporter abuse_ch
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
181
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
prosecure_Ms-Document.exe
Verdict:
Malicious activity
Analysis date:
2022-01-28 23:40:48 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/cc28fc2b-93be-47bc-a965-238c6449f408

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/225523/
Detection(s):
SecuriteInfo.com.Trojan.Siggen16.38272.8893.18258.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Unauthorized injection to a recently created process
Creating a file
Сreating synchronization primitives
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Enabling the 'hidden' option for analyzed file
Reading critical registry keys
Creating a window
Forced shutdown of a browser
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/61f456886a7929f66a210fd6/reports/bd8535dc-ae97-402f-bd4c-48bcf42b0647/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Snake Keylogger
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c61751d0-5949-44b8-a326-46fa13441e7c
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/930014
Behaviour
Behavior Graph:
n/a
Detection:
snakekeylogger
Create hunting rule
Link:
https://mwdb.cert.pl/sample/116dd2755c6f55bfaea522b8435c3651d5c06afa5af77d3fb79ed99f804fb14a/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-01-28 20:48:13 UTC
File Type:
PE (.Net Exe)
Extracted files:
17
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cfw5e5k4n5k37lvfek4egxbwkhk4a2x2ll3x2p5xt3mz7acpwffa._file
Verdict:
malicious
Label(s):
asyncrat
Create hunting rule
Similar samples:
1332f016c96028681eca98552bc1e865b49ebf45484cdba2c665ccbda2133a32
SnakeKeylogger
332eb007a5e9b3e603bcd8546505d6df1b480ab032f772f5a24730c4cc6edfc5
SnakeKeylogger
3d724447dc1bc377b13e59cb6f4d04f062c1d992d75978d1ba8204cf8763280c
SnakeKeylogger
9e1b6a535b988b2f1f7e8656ec01feceff365d0c4aed814d11fdde1a4a72306f
SnakeKeylogger
d65f61619424a2312e304aa96179790ba96d9412edebb89ab937728977f6af5a
SnakeKeylogger
eb750ca2f4a93f7b8674c77cf2178ec75f3f858abd51c5fc4979d373b8438545
SnakeKeylogger
ee99b9271eaa68b93d7fd39fba6e2155a19085607adbcfcb7eb37962aa7aaa05
SnakeKeylogger
f85fb30beeceb9e2721aa12deee155bb604c0a364f926da18644af7e6e5c7a25
SnakeKeylogger
fa11ff2dfdf24b8e4628ba1e868a27510b4cb3936d1c03dd1d6bb8049cbdefa8
SnakeKeylogger
+ 3'362 additional samples on MalwareBazaar
Gathering data
Unpacked files
SH256 hash:
97024f17003dd3d31dab64c4d1b8251e50d428644eb59ed3692ad79ce42019cf
MD5 hash:
8cd28be4bd9a1404c6d3600db32b3ed1
SHA1 hash:
fb90b0ca51118e771390d58b19d0a404ee14cfbc
Link:
https://www.unpac.me/results/1222f7db-bee0-4266-981c-49c046a41b9e/
SH256 hash:
a0975608afda4c65d243b0d9f703e0b4d39dd83d2c649454b37a9e25aea94df5
MD5 hash:
f635bc6ecce7c71c1544044a20229cb5
SHA1 hash:
e42ec74aec14c516c2bf6698c20094e3e26b3fda
Link:
https://www.unpac.me/results/1222f7db-bee0-4266-981c-49c046a41b9e/
SH256 hash:
4ef715ac01b2876fb9398923f41780076154a299e6364826712439d61b886b83
MD5 hash:
8d81ef5f35b5cd6c9465b1519bdffd6b
SHA1 hash:
c0cfb002527bf1e9cfc7733856a9326700da2f80
Link:
https://www.unpac.me/results/1222f7db-bee0-4266-981c-49c046a41b9e/
SH256 hash:
116dd2755c6f55bfaea522b8435c3651d5c06afa5af77d3fb79ed99f804fb14a
MD5 hash:
d387b31f1291506b660276e345f83a88
SHA1 hash:
9babd160a1e878b48322141a639338e823ac6b2a
Link:
https://www.unpac.me/results/1222f7db-bee0-4266-981c-49c046a41b9e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
iSpy Keylogger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/116dd2755c6f55bfaea522b8435c3651d5c06afa5af77d3fb79ed99f804fb14a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
Author:ditekSHen
Description:Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Rule name:INDICATOR_SUSPICIOUS_EXE_DotNetProcHook
Create hunting rule
Author:ditekSHen
Description:Detects executables with potential process hoocking
Rule name:INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:INDICATOR_SUSPICIOUS_EXE_TelegramChatBot
Create hunting rule
Author:ditekSHen
Description:Detects executables using Telegram Chat Bot
Rule name:MALWARE_Win_SnakeKeylogger
Create hunting rule
Author:ditekSHen
Description:Detects Snake Keylogger
Rule name:MAL_Envrial_Jan18_1
Create hunting rule
Author:Florian Roth
Description:Detects Encrial credential stealer malware
Reference:https://twitter.com/malwrhunterteam/status/953313514629853184
Rule name:MAL_Envrial_Jan18_1_RID2D8C
Create hunting rule
Author:Florian Roth
Description:Detects Encrial credential stealer malware
Reference:https://twitter.com/malwrhunterteam/status/953313514629853184
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Telegram_Exfiltration_Via_Api
Create hunting rule
Author:lsepaolo

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

Executable exe 116dd2755c6f55bfaea522b8435c3651d5c06afa5af77d3fb79ed99f804fb14a

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/225523/

Comments