MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c41bd85f289663fde1b9df9f3ff959fe7c0330370d88bce8b64e9b8500b6bff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1c41bd85f289663fde1b9df9f3ff959fe7c0330370d88bce8b64e9b8500b6bff
SHA3-384 hash: b6a2ad58ad7a2e977f46228ec03816c03f869af0c1a181fcccecafa11b8f33e19097f51b454da6c27f760863fcb00793
SHA1 hash: 30363fc7455521e570d86ce52e56a1e917b2fa92
MD5 hash: 39cf4f33be14279e39d45b771e4797fe
humanhash: five-oregon-wyoming-kilo
File name:CT-0000337_PROTECH DEL PEREU SAC.cab
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:536'371 bytes
First seen:2021-02-10 18:41:09 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 12288:oFs0ZJPWKCxDPCQBhQ23SA6u8xfjSm8Pz9GO2TG6t:bUJ+WQ8WfUfj8P8O8
TLSH 51B423E028BD14583AB748953B3C7E291DAC5CA0A9D97E04612DDD63F909FFF60B46A0
Reporter abuse_ch
Tags:cab SnakeKeylogger


Avatar
abuse_ch
Malspam distributing SnakeKeylogger:

HELO: park-mx.above.com
Sending IP: 103.224.212.34
From: Ericka Marquez <ap@rtisafeco.pw>
Subject: SOLICITUD DE COTIZACION
Attachment: CT-0000337_PROTECH DEL PEREU SAC.cab (contains "CT-0000337_PROTECH DEL PEREU SAC.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
155
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MachineLearning.Anomalous.93.20558.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1c41bd85f289663fde1b9df9f3ff959fe7c0330370d88bce8b64e9b8500b6bff/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2021-02-10 18:42:05 UTC
AV detection:
3 of 48 (6.25%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dra33bpsrftd7xq3tx47h74vt7t4amydodmixtulmtu3qualnp7q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1c41bd85f289663fde1b9df9f3ff959fe7c0330370d88bce8b64e9b8500b6bff

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

cab 1c41bd85f289663fde1b9df9f3ff959fe7c0330370d88bce8b64e9b8500b6bff

(this sample)

SnakeKeylogger

Executable exe 222165dd7723dadb40fa68e27857cfe28d44c75eb1eb14dd13ea2861d900c473

  
Dropping
MD5 e7e3d5a50a34d4b1c5ba9be05e810624
  
Dropping
SnakeKeylogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 222165dd7723dadb40fa68e27857cfe28d44c75eb1eb14dd13ea2861d900c473

Comments