MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1dfa30b326a52c43b527219962f0a8d699de3145bdca37e784189f35039a4e77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1dfa30b326a52c43b527219962f0a8d699de3145bdca37e784189f35039a4e77
SHA3-384 hash: 44d38c7f079ed6a4db2dbdf1c50b0c6905975b67a56a3dfe9ba1c14edd2668a14b0ffea3eb66ecfc0aa4f7f721db89c0
SHA1 hash: 27a9fba1411cf90a85eb5a35106f10d24032adc4
MD5 hash: fc40bee37396e9aaab5c656198d9d0a4
humanhash: mexico-single-mountain-music
File name:PO#5666HGS_pdf.scr
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:1'455'104 bytes
First seen:2021-03-10 08:27:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:ALHjYkAd0WajYkAEjYkA3k+S3R/IA6cCeeLMrDRs5qvOx7usNSq5pyRj15aSjYk0:gi0jnP+k5ICrdrGx+HZTaKny
Threatray 41 similar samples on MalwareBazaar
TLSH DB659DE2EE03D600D0242EF4D41DD1AC46E6FF886B19EC0D6C15F749563298ECAE96F5
Reporter abuse_ch
Tags:scr SnakeKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
122
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PO#5666HGS_pdf.scr
Verdict:
Malicious activity
Analysis date:
2021-03-10 08:30:54 UTC
Tags:
evasion trojan
Link:
https://app.any.run/tasks/42500793-264e-4ee0-92d2-44ef3dd0253a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Snake
Create hunting rule
Link:
https://www.capesandbox.com/analysis/123510/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/634024
Signature
.NET source code contains potential unpacker
Found malware configuration
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
Sigma detected: Scheduled temp file as task from temp location
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected AntiVM_3
Yara detected Beds Obfuscator
Yara detected MultiObfuscated
Yara detected Snake Keylogger
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-03-10 08:28:07 UTC
AV detection:
14 of 47 (29.79%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dx5dbmzguuwehnjhegmwf4fi22m54mkfxxfdpz4edcptka42jz3q._file
Verdict:
unknown
Similar samples:
03a7c8a4e67e6739db52502fb4babb8421059e3269610dbec749b3f0aa4a4641
SnakeKeylogger
06ab3bdeae92bc8dceb7b2c99ba9d65087b1b1e9d3b6aa3abbade809259e677f
SnakeKeylogger
452c45634d377378702996bde2b46ff7b1f1669de1578d6fd61cae2cbd7fc41f
SnakeKeylogger
4fba0a6de9bae92d10236ea02250e0079376e43a4b6c1aed009677bdb4b8c21e
SnakeKeylogger
6aca638f8c9405c4c02bb3f2b5f5e5bc9d5596f8c68a57fb99347031415b584b
SnakeKeylogger
748a3e05c03a34baf2b42e1307347661de5547c929b0c99256f81d19c1d4e2da
SnakeKeylogger
998a2fc57352ed3bde7f7b8bea269593342e6664ea8209a764d28ff4e0bf68f6
SnakeKeylogger
c3e845dc7b429254e650f20fff9771f5bd2c84c7e31d2846143402859d8ae3bd
SnakeKeylogger
ee9dccc36f0908f24e6b6b42a18516af36135f552b3fb5b965045c727e42b6a8
SnakeKeylogger
eecbdd4ef36098aa7120292261c879ebeed66a5e408ee8862c26f595325d1414
SnakeKeylogger
+ 31 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger keylogger spyware stealer
Link:
https://tria.ge/reports/210310-lrm4zw9lxx/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger Payload
Unpacked files
SH256 hash:
f9d949d2f56c449c5d346bb93ed04d38426f563b022dd179ae330dab46682c3b
MD5 hash:
871e23d748ba756eaab5777708f250f8
SHA1 hash:
c9816d4ab38541aaab9aa3eab7cb4898d0b72e4a
Link:
https://www.unpac.me/results/d0e91c17-8c92-4b3e-8139-77a5ffc61e50/
SH256 hash:
1dfa30b326a52c43b527219962f0a8d699de3145bdca37e784189f35039a4e77
MD5 hash:
fc40bee37396e9aaab5c656198d9d0a4
SHA1 hash:
27a9fba1411cf90a85eb5a35106f10d24032adc4
Link:
https://www.unpac.me/results/d0e91c17-8c92-4b3e-8139-77a5ffc61e50/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1dfa30b326a52c43b527219962f0a8d699de3145bdca37e784189f35039a4e77

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

Executable exe 1dfa30b326a52c43b527219962f0a8d699de3145bdca37e784189f35039a4e77

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/123510/

Comments