MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 20e2594c040134041471eb9e3c514c45346c03d215f231fb5faee9748526c32a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	20e2594c040134041471eb9e3c514c45346c03d215f231fb5faee9748526c32a
SHA3-384 hash:	f157bb51ea06d1c983001b6e6f86dd3c1b1d333cca223a4b62acce2e473773817065bc991404df1e0185f9d2066bda14
SHA1 hash:	2070047d08c5fe3bfa6e490e7efe920eacfbd50a
MD5 hash:	98213b36cdc2660e4fd0f1f286c79855
humanhash:	twelve-lactose-one-chicken
File name:	QYP09876543456789.exe
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	375'129 bytes
First seen:	2021-10-01 06:27:05 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	b76363e9cb88bf9390860da8e50999d2 (464 x Formbook, 184 x AgentTesla, 122 x SnakeKeylogger)
ssdeep	6144:b8LxBBXsP2i9W4MsjeuOYlo8zKEbvoaS3lJgWGsntUhOWrYPjxPzaCx3TfwBN2+0:yseiZKu3loXEbk/ntUhVr6jECRwBN2+0
Threatray	485 similar samples on MalwareBazaar
TLSH	T11384231353F288F7E2621B7209B19F3C7376D20EE019BB8B87AC5D231D7694A491A743
File icon (PE):
dhash icon	64f4d4d4ecf4d4d4 (82 x SnakeKeylogger, 34 x AgentTesla, 24 x Formbook)
Reporter	abuse_ch
Tags:	exe SnakeKeylogger

Intelligence

File Origin

# of uploads :

# of downloads :

118

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

QYP09876543456789.exe

Verdict:

Malicious activity

Analysis date:

2021-10-01 06:29:32 UTC

Tags:

evasion trojan snakekeylogger keylogger

Link:

https://app.any.run/tasks/611c0936-2591-4bfd-9271-a4322162f4f5

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/193864/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a file in the %temp% directory

Creating a file

Creating a window

Malware family:

Snake Keylogger

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/c4bdaa0a-1f37-42de-857f-730a64a84219

Result

Threat name:

Snake Keylogger

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/862502

Signature

.NET source code references suspicious native API functions

Contains functionality to capture screen (.Net source)

Detected unpacking (changes PE section rights)

Detected unpacking (creates a PE file in dynamic memory)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Injects a PE file into a foreign processes

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

May check the online IP address of the machine

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file access)

Yara detected Snake Keylogger

Yara detected Telegram RAT

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/20e2594c040134041471eb9e3c514c45346c03d215f231fb5faee9748526c32a/

Threat name:

Win32.Trojan.AgentTesla

Status:

Malicious

First seen:

2021-10-01 05:18:38 UTC

AV detection:

16 of 45 (35.56%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=edrfstaeae2aifdr5opdyukmiu2gya6scxzdd627v3uxjbjgymva._file

Verdict:

malicious

SnakeKeylogger

4e8de8ccb38db94fcf3be5fb78c913f68dd86153f89976e535a8192f42fc8f59

SnakeKeylogger

5be73e98e79472632484157eb2f58f914dee24521fc6cb5f26c02709664a0413

SnakeKeylogger

69419ba7304d09433d838fb5676eb82348f1e9cf44e4c52680eeec31c28931fd

SnakeKeylogger

9b7e0e6cba9a4b6f7360457e1fd9049d16145bcc53b1c51d696fd99b508d3dbc

SnakeKeylogger

bee3c64a4d3862a54f11a05303fb39c9768891841673269e477d0d87ec1862e2

SnakeKeylogger

c04d9dda88a75f4ed924e20617847a4d7a8ff729754e8ad66f3557fb90ed5d25

SnakeKeylogger

d2ec2611b322552856d3f202484914625b49f0dc3326d8ea3acdb3a57e65b1ef

SnakeKeylogger

e419efc94e3209360dcacc40d27f3b45983940b490e89b5085226c172016eb2b

SnakeKeylogger

f77b168fb3327ee43fbe2c0e8d0f2d3ae51ef165571576989186f6ed93177559

SnakeKeylogger

+ 475 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer

Link:

https://tria.ge/reports/211001-g8cxdsbafm/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Suspicious use of SetThreadContext

Looks up external IP address via web service

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

20e2594c040134041471eb9e3c514c45346c03d215f231fb5faee9748526c32a

MD5 hash:

98213b36cdc2660e4fd0f1f286c79855

SHA1 hash:

2070047d08c5fe3bfa6e490e7efe920eacfbd50a

Link:

https://www.unpac.me/results/7d3f4d90-923a-4de3-8fd0-a6991014569f/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/20e2594c0401/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/20e2594c040134041471eb9e3c514c45346c03d215f231fb5faee9748526c32a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/193864/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample