MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 120aa0fe361dcff17e1b9e30e658592dba90ec4f1183941ed17040e117a0aaba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
SnakeKeylogger
Vendor detections: 4
| SHA256 hash: | 120aa0fe361dcff17e1b9e30e658592dba90ec4f1183941ed17040e117a0aaba |
|---|---|
| SHA3-384 hash: | c17d7adc3a503ec7cfa3884a0bbea61812e37f0ccb9b7d80399df5747d47d91e9753bb85f4807dca887f965407f9560c |
| SHA1 hash: | e026f1a0055cecdfd9a61e2ac34ac39c70d7d151 |
| MD5 hash: | f5679802fcaf8f5cfd8a4ca723257c73 |
| humanhash: | georgia-alabama-monkey-oregon |
| File name: | RFQ1159BL.cab |
| Signature | SnakeKeylogger |
| File size: | 332'476 bytes |
| First seen: | 2021-02-10 07:05:40 UTC |
| Last seen: | Never |
| File type: | cab |
| MIME type: | application/vnd.ms-cab-compressed |
| ssdeep | 6144:ysC5skftLQgWEuQBWNtBWzg+/1vG5kmPK9zQjK9/wrpSNAgyeGrEzL1zWnIfmnl+:uKetkgWEu8CKgO1vG5kmC9z5k9gyeGrW |
| TLSH | 056423654F33C154F704B8B9AEC117F6E99F40F7086343EC52A84A6B646C0E8EB14E8B |
| Reporter | |
| Tags: | cab SnakeKeylogger |
abuse_ch
Malspam distributing SnakeKeylogger:
HELO: smtpproxy21.qq.com
Sending IP: 203.205.195.102
From: Katherine@yhkjelectronic.com <Katherine@yhkjelectronic.com>
Subject: RFQ1159BL
Attachment: RFQ1159BL.cab (contains "RFQ1159bl.exe")
Intelligence
File Origin
# of uploads: 1
# of downloads: 98
Origin country: n/a
Vendor Threat Intelligence
Detection(s):
Result
Verdict: SUSPICIOUS
Threat name: Win32.Trojan.Pwsx
Status: Malicious
First seen: 2021-02-10 07:06:08 UTC
AV detection: 4 of 47 (8.51%)
Threat level: 5/5
Detection(s): Suspicious file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name: Suspicious File
Score: 0.45
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Dropping: SnakeKeylogger
Delivery method: Distributed via e-mail attachment