MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1dc07ea8c5bf1ce511549946e250ee145b10032da89eae19ab9f477a18a9c6d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 10


Intelligence 10 IOCs YARA 9 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1dc07ea8c5bf1ce511549946e250ee145b10032da89eae19ab9f477a18a9c6d3
SHA3-384 hash: cf8657a06b9e4b7cd3b22e7f04b5cfc568f7b621ab76afa1d48b2bb1cd9cce5751d411b4ab46f875cb7bec119c910c19
SHA1 hash: 4215dc0beca7497efe6b2ad89981c382c2958aaa
MD5 hash: f2cbc293e8e9655f1bc5afa3ee839f0a
humanhash: mexico-spring-two-pasta
File name:SecuriteInfo.com.Trojan.Win32.Save.a.31562.17618
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:393'425 bytes
First seen:2021-08-18 04:07:56 UTC
Last seen:2021-08-23 07:29:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6b1520ba8a8e7d12cecb5bd04c747ffc (2 x AZORult, 1 x Formbook, 1 x SnakeKeylogger)
ssdeep 12288:pWWokL6EPPWur4rVyr9HUTb9kq8YDGgTodjZl:pWWxBPB858cp8YqgTiz
Threatray 753 similar samples on MalwareBazaar
TLSH T15D84D011B2C19036E5B7247649F19278A93CBB712B4F9EEF03C85AB94F341C17A31A67
Reporter SecuriteInfoCom
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
3
# of downloads :
137
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.Win32.Save.a.31562.17618
Verdict:
Malicious activity
Analysis date:
2021-08-18 04:10:04 UTC
Tags:
evasion trojan snakekeylogger keylogger
Link:
https://app.any.run/tasks/18a336b3-6b81-474c-af13-a2996ea7fd2b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/180190/
Detection(s):
SecuriteInfo.com.Trojan.Win32.Save.a.31562.17618.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Launching the default Windows debugger (dwwin.exe)
DNS request
Sending a UDP request
Unauthorized injection to a system process
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/72f8abac-618f-4404-9c15-11e9718ebfaf
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/834865
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 467292 Sample: SecuriteInfo.com.Trojan.Win... Startdate: 18/08/2021 Architecture: WINDOWS Score: 48 12 Multi AV Scanner detection for submitted file 2->12 6 SecuriteInfo.com.Trojan.Win32.Save.a.31562.exe 1 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started        10 conhost.exe 6->10         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1dc07ea8c5bf1ce511549946e250ee145b10032da89eae19ab9f477a18a9c6d3/
Threat name:
Win32.Trojan.Ursnif
Create hunting rule
Status:
Malicious
First seen:
2021-08-18 04:08:05 UTC
AV detection:
16 of 47 (34.04%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dxah5kgfx4ookekutfdoeuhocrnraaznvcpk4gnlt5dxugfjy3jq._file
Verdict:
malicious
Similar samples:
10dc7778942ad9eddde8186d0fdcc43d4bcc9c39aa6f5203ebef85729eb02163
SnakeKeylogger
12a8589297e56fc863c7c37209870ff00bf15dcd21f90be9539e3332727761d1
SnakeKeylogger
203754c6e511e0678e98b709deb230b6ee0a7c83e5c368a3c2e3e2bcc692f80b
SnakeKeylogger
6cbce1d82bb769eb1c517c2c54db572614dfce4c858690d77df761572bc98825
SnakeKeylogger
a2beda57a5e0995d2108071e88e5c70bb171d4434fa2a3c6c788ef066e9d43b5
SnakeKeylogger
b4918824e1c626c9b8c87be6f1aa34d1672a747e7d0f01d57c232284b62c3061
SnakeKeylogger
b6a58224bb0fbca5d4a297bdc2237ffd671e5548ebd6d35434ae1196df97f8d9
SnakeKeylogger
d53bae4b5ce931f64224d180b42eda418516d524ae0623571069c6bc30845fa3
SnakeKeylogger
ee7768e5b15b6e83c04033a244e19f19cc63aecedbb01786edb6e15318a2a2d2
SnakeKeylogger
fbb68d8435857838998c6bc25af2854e56916be9e4935106264d06733286aec6
SnakeKeylogger
+ 743 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger keylogger stealer
Link:
https://tria.ge/reports/210818-cbcdt5yt9s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Snake Keylogger
Unpacked files
SH256 hash:
386c3772bc48c9d479d93e6dd15ae0b82b7bc9bb5f29e523abff173f8e8d61de
MD5 hash:
9714f4eeb776790e26c260f1225a98e1
SHA1 hash:
17717a6319d5b953b551bc0768cad8457d2b001d
Link:
https://www.unpac.me/results/ca33d826-d097-4d0d-b819-b2b39bb19653/
SH256 hash:
1dc07ea8c5bf1ce511549946e250ee145b10032da89eae19ab9f477a18a9c6d3
MD5 hash:
f2cbc293e8e9655f1bc5afa3ee839f0a
SHA1 hash:
4215dc0beca7497efe6b2ad89981c382c2958aaa
Link:
https://www.unpac.me/results/ca33d826-d097-4d0d-b819-b2b39bb19653/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/1dc07ea8c5bf/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1dc07ea8c5bf1ce511549946e250ee145b10032da89eae19ab9f477a18a9c6d3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
Author:ditekSHen
Description:Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Rule name:INDICATOR_SUSPICIOUS_EXE_DotNetProcHook
Create hunting rule
Author:ditekSHen
Description:Detects executables with potential process hoocking
Rule name:INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:INDICATOR_SUSPICIOUS_EXE_TelegramChatBot
Create hunting rule
Author:ditekSHen
Description:Detects executables using Telegram Chat Bot
Rule name:MALWARE_Win_SnakeKeylogger
Create hunting rule
Author:ditekSHen
Description:Detects Snake Keylogger
Rule name:MAL_Envrial_Jan18_1
Create hunting rule
Author:Florian Roth
Description:Detects Encrial credential stealer malware
Reference:https://twitter.com/malwrhunterteam/status/953313514629853184
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Telegram_Exfiltration_Via_Api
Create hunting rule
Author:lsepaolo

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/180190/

Comments