MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 203754c6e511e0678e98b709deb230b6ee0a7c83e5c368a3c2e3e2bcc692f80b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 203754c6e511e0678e98b709deb230b6ee0a7c83e5c368a3c2e3e2bcc692f80b
SHA3-384 hash: 1c64794f630448060777775484636730870e39e2f6575e9ffb6121eebfb926b92892bd136b5f2089eeccb5e9054c6f59
SHA1 hash: e335ebb8ed5dbb536e5323dc55d0c9c907587c31
MD5 hash: aa069cd0c4942ccf4416b434930abdc0
humanhash: winner-fanta-winner-table
File name:Yeni sipariş _WJO-001, pdf.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:781'690 bytes
First seen:2021-08-17 14:03:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f21b9f4ed04fb68076e88d1363ed51e4 (10 x Formbook, 3 x RemcosRAT, 2 x Loki)
ssdeep 12288:vdKqRTBltDn9lzAKp5yNMzljAYxudZC9QmRItTWzbR0:vdKCBbplDp5FljAxY800
Threatray 5 similar samples on MalwareBazaar
TLSH T1A4F4AF707108E8B1D56B89B97334C221BF7DB831CB0AE8CF10CA5EDE65B2790947659E
dhash icon 8084a48cbc8ce4f8 (44 x Formbook, 20 x AveMariaRAT, 11 x SnakeKeylogger)
Reporter abuse_ch
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
118
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Yeni sipariş _WJO-001, pdf.exe
Verdict:
No threats detected
Analysis date:
2021-08-17 14:59:18 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d22e9c03-dc68-40bc-b17c-7722569508bc

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Variant.Zusy.397940.31618.20761.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/2fe0a6cb-23ea-45d7-8647-a8320e0abb4c
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/834483
Signature
Found malware configuration
Maps a DLL or memory area into another process
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Beds Obfuscator
Yara detected Snake Keylogger
Yara detected Telegram RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/203754c6e511e0678e98b709deb230b6ee0a7c83e5c368a3c2e3e2bcc692f80b/
Threat name:
Win32.Infostealer.Snakkel
Create hunting rule
Status:
Malicious
First seen:
2021-08-17 14:04:27 UTC
AV detection:
17 of 46 (36.96%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ea3vjrxfchqgpduyw4e55mrqw3xau7ed4xbwri6c4prlzrus7afq._file
Verdict:
unknown
Similar samples:
10dc7778942ad9eddde8186d0fdcc43d4bcc9c39aa6f5203ebef85729eb02163
SnakeKeylogger
6cbce1d82bb769eb1c517c2c54db572614dfce4c858690d77df761572bc98825
SnakeKeylogger
a2beda57a5e0995d2108071e88e5c70bb171d4434fa2a3c6c788ef066e9d43b5
SnakeKeylogger
d53bae4b5ce931f64224d180b42eda418516d524ae0623571069c6bc30845fa3
SnakeKeylogger
fbb68d8435857838998c6bc25af2854e56916be9e4935106264d06733286aec6
SnakeKeylogger
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger keylogger stealer
Link:
https://tria.ge/reports/210817-8w4l2cxeax/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Snake Keylogger
Snake Keylogger Payload
Unpacked files
SH256 hash:
203754c6e511e0678e98b709deb230b6ee0a7c83e5c368a3c2e3e2bcc692f80b
MD5 hash:
aa069cd0c4942ccf4416b434930abdc0
SHA1 hash:
e335ebb8ed5dbb536e5323dc55d0c9c907587c31
Link:
https://www.unpac.me/results/4187eadf-f01f-4159-99a2-ac4dfad25380/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/203754c6e511e0678e98b709deb230b6ee0a7c83e5c368a3c2e3e2bcc692f80b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments