MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11b6828bafc1ad822f64a2fd6d36df2825f91b62a9f8e55b5ef396ae8f36fb2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 5



SHA256 hash: 11b6828bafc1ad822f64a2fd6d36df2825f91b62a9f8e55b5ef396ae8f36fb2f
SHA3-384 hash: bb4442bffb2277e4371ef7835371386d08ba19091e2ea190641523a3ba54323b785c5a5f78f629bda52d737901c08bc2
SHA1 hash: cd20c779794771a84830ea15e94c46c3a44684fc
MD5 hash: 567d3152ce52b2492ade03fb1879cd8b
humanhash: violet-red-florida-wisconsin
File name: 00010200390_0192021.pdf.r00
Signature: SnakeKeylogger
File size: 709'567 bytes
First seen: 2021-06-11 05:51:05 UTC
Last seen: 2021-06-11 05:55:52 UTC
File type: r00
MIME type: application/x-rar
ssdeep: 12288:wYHdQQ3Jup2ZVxC/98X5Q9vcuMrVKKPwvWJmyEn9OeyWMBcHM2OffVyUe0C:wYH/wpqCV8QquMYJvcmL9gFBDC
TLSH: 19E423E61A7939B0F94045CFC40BD367A2BBB664897E5ED17889A3A015B20C7F54EC3C
Reporter: cocaman
Tags: r00 SnakeKeylogger


cocaman
Malicious email (T1566.001)
From: "Julie-Ann <sms@fashionprofile.in>" (likely spoofed)
Received: "from rdns0.fashionprofile.in (unknown [188.225.83.191]) "
Date: "Thu, 10 Jun 2021 17:44:02 +0100"
Subject: "Purchase Order A00362"
Attachment: "00010200390_0192021.pdf.r00"

Intelligence


File Origin
# of uploads: 2
# of downloads: 133
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2021-06-11 03:58:36 UTC
File Type: Binary (Archive)
Extracted files: 32
AV detection: 18 of 46 (39.13%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

r00 11b6828bafc1ad822f64a2fd6d36df2825f91b62a9f8e55b5ef396ae8f36fb2f (this sample)

Delivery method: Distributed via e-mail attachment
