MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15308ecc7f68195a1a70805912d34aaa45a0e456359d200d5fa08f9bd96371c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger
Vendor detections: 4

SHA256 hash: 15308ecc7f68195a1a70805912d34aaa45a0e456359d200d5fa08f9bd96371c0
SHA3-384 hash: bdd7c811e6eaf448143ad863b284e69d40030c984b1d5d7eecddd01a7356bd0523db903f32e77b11339c5fcf25eb1f66
SHA1 hash: 3fb83bdee9736b432d60c13a1c5da765ec6111eb
MD5 hash: db74c2a72de4d9248c8605755382341e
humanhash: diet-montana-spring-timing
File name: crypt zeco.zip
Signature: SnakeKeylogger
File size: 604'160 bytes
First seen: 2021-02-10 10:34:13 UTC
Last seen: Never
File type: tar (detected from the file content; the file name carries a .zip extension, so do not rely on the extension when handling the sample)
MIME type: application/x-tar
ssdeep: 6144:LOJ0qvtMWjQ/TeeeBmgn4Xd9feOdfuHyCjGeFEJi+1h94oqocSSiB/:LM0qeVReBvn4N9GOdfEyCadQ+1h9c
TLSH: FED4CFF7355885C6CE3F52B47A85C3F9A9D75D810992E60082FB31E9A776708143BB2C
Reporter: abuse_ch
Tags: DHL SnakeKeylogger zip


abuse_ch
Malspam distributing SnakeKeylogger:

HELO: mail.ostfold.net
Sending IP: 217.171.199.99
From: DHL Customer care <info@dhl.com>
Subject: DHL GLOBAL FORWARDING
Attachment: crypt zeco.zip (contains "crypt zeco.exe")
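The two things a practitioner would check on this entry are the sender indicators quoted in the comment above (a From: address at dhl.com delivered by a HELO host and IP that have nothing to do with DHL) and the attachment table, where the file name says .zip but the detected type is tar with an executable inside. The script below is an added example, not code from MalwareBazaar or abuse_ch: it rebuilds a message from the header values quoted on this page (the Received line and the receiving host mx.example.invalid are assumptions), then identifies the attachment container by magic bytes instead of extension, lists its members, flags any that start with the PE "MZ" magic, and computes the same four digests the entry lists. The attachment content is a constructed stand-in, not the real "crypt zeco.exe".

```python
import email
import hashlib
import io
import re
import tarfile
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed stand-in for the dropped executable: just the MZ magic plus
# padding, NOT the real "crypt zeco.exe" from this MalwareBazaar sample.
FAKE_PE = b"MZ" + b"\x00" * 62


def build_tar(name, data):
    """Pack one file into a tar archive in memory (constructed sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        info = tarfile.TarInfo(name)
        info.size = len(data)
        tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_zip(name, data):
    """Pack one file into a zip archive in memory (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, data)
    return buf.getvalue()


def build_mail(attachment_name, attachment_bytes):
    """Constructed message carrying the header values quoted on this page.
    The Received line and the receiving host are assumptions."""
    msg = EmailMessage()
    msg["Received"] = ("from mail.ostfold.net (mail.ostfold.net [217.171.199.99]) "
                       "by mx.example.invalid with ESMTP; Wed, 10 Feb 2021 10:30:00 +0000")
    msg["From"] = "DHL Customer care <info@dhl.com>"
    msg["Subject"] = "DHL GLOBAL FORWARDING"
    msg.set_content("Please see the attached shipping documents.")
    msg.add_attachment(attachment_bytes, maintype="application",
                       subtype="zip", filename=attachment_name)
    return msg.as_bytes()


def sniff_container(data):
    """Classify an archive by magic bytes, ignoring its extension."""
    if data[:4] == b"PK\x03\x04":
        return "zip"
    if len(data) >= 262 and data[257:262] == b"ustar":
        return "tar"
    return "unknown"


def archive_members(data, kind):
    """Return {member_name: first two bytes} for zip or tar archives."""
    members = {}
    if kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                members[name] = zf.read(name)[:2]
    elif kind == "tar":
        with tarfile.open(fileobj=io.BytesIO(data)) as tf:
            for m in tf.getmembers():
                if m.isfile():
                    members[m.name] = tf.extractfile(m).read(2)
    return members


def file_hashes(data):
    """The four digests MalwareBazaar lists for a sample."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha3_384")}


def triage(raw_mail):
    """Extract sender indicators and inspect the first attachment."""
    msg = email.message_from_bytes(raw_mail, policy=policy.default)
    received = str(msg["Received"] or "")
    m = re.search(r"from\s+(\S+)\s+\([^)]*\[(\d+\.\d+\.\d+\.\d+)\]", received)
    helo, ip = (m.group(1), m.group(2)) if m else (None, None)
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    # Flag when the HELO host neither equals nor sits under the From: domain.
    sender_mismatch = not (helo == from_domain or
                           (helo or "").endswith("." + from_domain))
    report = {"helo": helo, "sending_ip": ip, "from_domain": from_domain,
              "sender_mismatch": sender_mismatch, "attachment": None}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True)
        name = part.get_filename() or ""
        kind = sniff_container(data)
        members = archive_members(data, kind)
        report.update({
            "attachment": name,
            "container": kind,
            # e.g. ".zip" in the name but tar magic inside, as on this page
            "ext_mismatch": kind != name.rpartition(".")[2].lower(),
            "pe_members": [n for n, magic in members.items() if magic == b"MZ"],
            "hashes": file_hashes(data),
        })
        break
    return report


if __name__ == "__main__":
    report = triage(build_mail("crypt zeco.zip", build_tar("crypt zeco.exe", FAKE_PE)))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against a real .eml, the `hashes` values are what you compare with the SHA256/SHA1/MD5/SHA3-384 lines of the entry before trusting any local copy of the sample, and `container` is what tells you the archive must be opened with tar tooling even though it arrived as a .zip. The Received parsing is deliberately minimal (first `from host (… [ip])` clause only); a production parser should walk every Received header and take the hop added by your own border MTA.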

Intelligence

File Origin
# of uploads: 1
# of downloads: 99
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Backdoor.Generic
Status: Suspicious
First seen: 2021-02-10 10:35:06 UTC
AV detection: 2 of 47 (4.26%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  SnakeKeylogger
    tar 15308ecc7f68195a1a70805912d34aaa45a0e456359d200d5fa08f9bd96371c0 (this sample)
      Dropping: SnakeKeylogger

Delivery method: Distributed via e-mail attachment