MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1beed8f2fa2a885ac6722ddf59e109dd277a4a149e33f20200d82f5ae8a249df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1beed8f2fa2a885ac6722ddf59e109dd277a4a149e33f20200d82f5ae8a249df
SHA3-384 hash: 552fa5229804107b3c11a1f2f1255938ac7404e329ed1173836d44b81c9aa52907616027492235b50c0dff8dafe6173a
SHA1 hash: 4abaf4fae4dda5cc1a23cdb66f2253c6d8e75c0c
MD5 hash: 7f71dbfd4c5438259261e72897f28028
humanhash: texas-colorado-hot-kilo
File name:09000000000000h...pdf..z
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:280'648 bytes
First seen:2021-01-13 07:27:40 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:zpTgD2NJmi0of8at0QYmgHIZtJcmuEMtmVge5/DX8jXmhcaUb:ziEJmnxajgoZt+Tgd5/DMjWhcfb
TLSH CC5422F6065D41905038B6831AC419D18BBD72A57FE846A3F7805BDB7DB1080BA2FB2F
Reporter abuse_ch
Tags:ESP geo z


Avatar
abuse_ch
Malspam distributing unidentified malware:

From: r.abouldahab@emis-int.com
Subject: CotizaciĆ³n de factura
Attachment: 09000000000000h...pdf..z (contains "09000000000000h.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
122
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader36.34658.12504.23526.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1beed8f2fa2a885ac6722ddf59e109dd277a4a149e33f20200d82f5ae8a249df/
Threat name:
ByteCode-MSIL.Backdoor.Crysan
Create hunting rule
Status:
Malicious
First seen:
2021-01-12 19:38:04 UTC
AV detection:
11 of 46 (23.91%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1beed8f2fa2a885ac6722ddf59e109dd277a4a149e33f20200d82f5ae8a249df

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

zip 1beed8f2fa2a885ac6722ddf59e109dd277a4a149e33f20200d82f5ae8a249df

(this sample)

SnakeKeylogger

Executable exe 5cc38d4a28e3609654ae3975d062a71272bdaaa655d998498f2169c7679bb19e

  
Dropping
MD5 af891ae0d2ec4596cd000335cfb9bbcc
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5cc38d4a28e3609654ae3975d062a71272bdaaa655d998498f2169c7679bb19e

Comments