MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 17c1c4563c465f54d371c5b87be8e99ad49d100d6a8b573c96553889a4dea75d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 17c1c4563c465f54d371c5b87be8e99ad49d100d6a8b573c96553889a4dea75d
SHA3-384 hash: deb9ba165e6ae5f12dbb777654ec9e8a0f90b640e551d23602d2be8686c54bba55f3a017662e648b55bfbc11f3ff96dd
SHA1 hash: aa2d975e8f57a2da2cd457fcf947e22388b34a26
MD5 hash: a43999838c9b05c3624c0da27ad8fa0e
humanhash: double-enemy-thirteen-west
File name:Payment Po.9099.Scan.pdf...iso
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:749'568 bytes
First seen:2020-12-18 09:31:26 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:DG0iwoo360JfQdysvsYdgyClQ5ZR+kLywaSoXE9HidMDcbh1iT/WL:1ooqPys1QlWfFpQf+jW
TLSH 5BF4DF55AA44C115CC2E0BB8E42948F0536B7D76E8B0F24F3E4D7DA53BB33E2096664B
Reporter abuse_ch
Tags:iso SnakeKeylogger


Avatar
abuse_ch
Malspam distributing SnakeKeylogger:

HELO: vps.stategovllc.com
Sending IP: 45.85.90.141
From: office@stategovllc.com
Subject: Payment / PO#9099
Attachment: Payment Po.9099.Scan.pdf...iso (contains "Payment Po.9099.Scan.pdf...exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
140
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_fs1570.UNOFFICIAL
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/17c1c4563c465f54d371c5b87be8e99ad49d100d6a8b573c96553889a4dea75d/
Threat name:
ByteCode-MSIL.Trojan.XetimaLogger
Create hunting rule
Status:
Malicious
First seen:
2020-12-18 09:32:05 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=c7a4ivr4izpvju3ryw4hx2hjtlkj2eannkfvopewku4itjg6u5oq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/17c1c4563c465f54d371c5b87be8e99ad49d100d6a8b573c96553889a4dea75d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

iso 17c1c4563c465f54d371c5b87be8e99ad49d100d6a8b573c96553889a4dea75d

(this sample)

SnakeKeylogger

Executable exe 542681d860a8efe458012dfdbc343ee1cfc153f2995c198793c8f250c175d36f

  
Dropping
MD5 1f568cdd7fcba3b9301e1df2a4991d04
  
Dropping
SnakeKeylogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 542681d860a8efe458012dfdbc343ee1cfc153f2995c198793c8f250c175d36f

Comments