MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24e91a113e3971f65d55a903432c2c46f5ae4536a3705fbd68d95db7226a461e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 24e91a113e3971f65d55a903432c2c46f5ae4536a3705fbd68d95db7226a461e
SHA3-384 hash: 96fcfafd49c47210f322df34d0ff0c4c6daf447177f7fa2bf02282e281d413c93c6cf09d849cd53d375e6e4b340429f8
SHA1 hash: 654f97424d9c7e2bdec194fe49774d75dd7b227b
MD5 hash: c5009503a30c683600ad3133b60d4b1c
humanhash: fish-oregon-bluebird-football
File name:PRE ALERT AWB NO - 09804480383.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:718'336 bytes
First seen:2024-11-28 08:10:06 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:vRSH5az8pX4101Kl+HTNSqMo3BcKGgo1zGX54P7wwhiFdevradRZ:wZs894/uxDN41zGCP7waudevraT
Threatray 140 similar samples on MalwareBazaar
TLSH T17DE4E0C17B267311ED78953082A9DDB863261E28B001B5E7ADCE779773DB2126D28F07
TrID 56.5% (.EXE) Win64 Executable (generic) (10522/11/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter lowmal3
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
401
Origin country :
DE DE
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PRE ALERT AWB NO - 09804480383.exe
Verdict:
No threats detected
Analysis date:
2024-11-28 08:35:48 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c56ae0ed-de26-4e8b-b248-23f20c9f2f7a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Win64.TrojanX-gen.9051.7386.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
95.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=674826e2b31374f098355e25
Tags:
virus gates msil
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Сreating synchronization primitives
Unauthorized injection to a recently created process
Restart of the analyzed sample
Searching for synchronization primitives
Creating a file
Launching the default Windows debugger (dwwin.exe)
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed packed packer_detected vbnet
Link:
https://www.filescan.io/uploads/67482598fa3557b45ebe1894/reports/a5f61b25-8634-47fa-b800-01dd4ec4ee12/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/24e91a113e3971f65d55a903432c2c46f5ae4536a3705fbd68d95db7226a461e
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/8339bf35-5bd8-43d9-a4e9-62018ffa01d6
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1564385
Signature
AI detected suspicious sample
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Modifies the context of a thread in another process (thread injection)
Multi AV Scanner detection for submitted file
Yara detected Generic Downloader
Yara detected Snake Keylogger
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/24e91a113e3971f65d55a903432c2c46f5ae4536a3705fbd68d95db7226a461e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/24e91a113e3971f65d55a903432c2c46f5ae4536a3705fbd68d95db7226a461e/
Threat name:
ByteCode-MSIL.Spyware.Snakekeylogger
Create hunting rule
Status:
Malicious
First seen:
2024-11-28 06:16:34 UTC
AV detection:
17 of 38 (44.74%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eturuej6hfy7mxkvvebuglbmi3224rjwunyf7pli3fo3oitkiypa._file
Verdict:
malicious
Label(s):
unknown_loader_037
Create hunting rule
Similar samples:
24e91a113e3971f65d55a903432c2c46f5ae4536a3705fbd68d95db7226a461e
SnakeKeylogger
6328f5ad5d16dbe08046450470e8ca083f07a10aa97401b0425a59d224492b13
SnakeKeylogger
92f5efd9584eef519b23beb2ebf8a79e68415ca18165d6c4237f1d26e0fff1d0
SnakeKeylogger
a3313af3a13e7801576cbcd9399e9b73d1a8e8f4940c1d44f0014513e2ce17b1
SnakeKeylogger
a708a6cd710ba79a3dee7a91db6fedf3b3f6da1ab10d6391cc98962ee0904fd1
SnakeKeylogger
c769cee0a5a1cb795c2fc24c6471aaa898e58f38ea1aea8e632564cd4358a751
SnakeKeylogger
error
SnakeKeylogger
+ 130 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/241128-j29nwsxmbl/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/47aa4f3f-bf59-467b-a44f-c8d59c245caa
Unpacked files
SH256 hash:
24e91a113e3971f65d55a903432c2c46f5ae4536a3705fbd68d95db7226a461e
MD5 hash:
c5009503a30c683600ad3133b60d4b1c
SHA1 hash:
654f97424d9c7e2bdec194fe49774d75dd7b227b
Link:
https://www.unpac.me/results/d3be2bed-fefc-4f9e-b068-a3201a7fe901/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

Executable exe 24e91a113e3971f65d55a903432c2c46f5ae4536a3705fbd68d95db7226a461e

(this sample)

  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments