MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a9f582caaf734e55f3ff8fec08fb5cabf0fd8b60f9a498f6002229f21467442. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1a9f582caaf734e55f3ff8fec08fb5cabf0fd8b60f9a498f6002229f21467442
SHA3-384 hash: aa47aac7c033a106251c5350cc4d70d42c2805dfe01d5af43da835e86be010d9ef183944d89a0e39cfa0bf9589a143c0
SHA1 hash: c1f2ff3dc17ef63486cb7f08045b8e981126daf1
MD5 hash: c98746731e3cc7d4b33089fdc891ec74
humanhash: louisiana-green-mississippi-missouri
File name:RFQ - FLOWLINE MATERIALS - NORTH KUWAIT.IMG
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:1'376'256 bytes
First seen:2021-07-02 08:41:02 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:4ml5MOXSx4x3p4H0WlomgKzhyZtoSHarka2dZEniI/fEzJ9mXrQu1uKT35x45H7l:n0nrg6hD6/AnEW
TLSH 355509683A9070AED4B7CA77CAAB2C58EAB9B437571B550B601702DDCB0D943DE700B7
Reporter cocaman
Tags:img SnakeKeylogger


Avatar
cocaman
Malicious email (T1566.001)
From: "Anil Kini A <anil_athmananda@heisco.com>" (likely spoofed)
Received: "from postfix-inbound-2.inbound.mailchannels.net (inbound-egress-5.mailchannels.net [199.10.31.237]) "
Date: "2 Jul 2021 01:19:12 -0700"
Subject: "RFQ -PIPE FITTINGS - FLOWLINE WORKS - NORTH KUWAIT - KOC - RFP 2070599, RFP 2075101 & RFP 2073681"
Attachment: "RFQ - FLOWLINE MATERIALS - NORTH KUWAIT.IMG"

Intelligence

File Origin
# of uploads :
1
# of downloads :
118
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_fs1133.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.PackedNET.899-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1a9f582caaf734e55f3ff8fec08fb5cabf0fd8b60f9a498f6002229f21467442/
Threat name:
ByteCode-MSIL.Trojan.Taskun
Create hunting rule
Status:
Malicious
First seen:
2021-07-02 08:41:09 UTC
File Type:
Binary (Archive)
Extracted files:
21
AV detection:
10 of 46 (21.74%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dkpvqlfk642okxz77d7mbd5vzk7q7wfwb6netd3aairj6ikgorba._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1a9f582caaf734e55f3ff8fec08fb5cabf0fd8b60f9a498f6002229f21467442

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

img 1a9f582caaf734e55f3ff8fec08fb5cabf0fd8b60f9a498f6002229f21467442

(this sample)

SnakeKeylogger

Executable exe f8e4c7f5480d6b302e4870ca9eb28118ee47dd0dad4b689450782dfce53b8685

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f8e4c7f5480d6b302e4870ca9eb28118ee47dd0dad4b689450782dfce53b8685

Comments