MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b5752746f9905751721ed01d991e19aa872ad4b2b7031d84c7dadafd3512495. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1b5752746f9905751721ed01d991e19aa872ad4b2b7031d84c7dadafd3512495
SHA3-384 hash: 0ef8dcde75c74de52b0466bfd316dd2e1baa4bec798e7f1d08478fc74d8fd6dd155ac6963441207ee60efa0557227059
SHA1 hash: 505bef8fd9ff08da14393ad985ee18b11ec5be92
MD5 hash: fc4c56bdb0a475ca795e643367092aca
humanhash: vermont-utah-missouri-ack
File name:100400806 SUPPLY.rar
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:547'344 bytes
First seen:2021-04-04 06:37:34 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:MbUSGo16ADFA0MPQwTNF6EIhdZ36Il+P/Qy2fCTKXj:MbU3oVmPQEz6EIhddiXQpfC2z
TLSH F5C433E20D9B0FF990F8FA74B099460460E0852DA97BDB494B363B4F538EC47CB74996
Reporter abuse_ch
Tags:rar


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.good-hills.co.jp
Sending IP: 153.120.2.71
From: mahmoud.khalil<mouhanaestryd@awalnet.net.sa>
Reply-To: gk@aquaflor.ae
Subject: TENDER/BID OIL AND GAS TOOLS NDNOC ABU DUBAI
Attachment: 100400806 SUPPLY.rar (contains "100400806 SUPPLY.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
316
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1b5752746f9905751721ed01d991e19aa872ad4b2b7031d84c7dadafd3512495/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-04-04 02:31:40 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dnlve5dptecxkfzb5ua5tepbtkuhflklfnyddwcmpww27u2reskq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1b5752746f9905751721ed01d991e19aa872ad4b2b7031d84c7dadafd3512495

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

rar 1b5752746f9905751721ed01d991e19aa872ad4b2b7031d84c7dadafd3512495

(this sample)

SnakeKeylogger

Executable exe e0575bb720e3ff70b4ae3f9a856781dce92194427300af776d7535537247c935

  
Dropping
MD5 f0c60735ea2aee475706464c0ae8f166
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e0575bb720e3ff70b4ae3f9a856781dce92194427300af776d7535537247c935

Comments