MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a4814093b37fb55c02e229f94f3840ad5fde911026a0bfd7d7f64f64e23ae30. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2a4814093b37fb55c02e229f94f3840ad5fde911026a0bfd7d7f64f64e23ae30
SHA3-384 hash: 88a80e691e417f9a73af608e10cd0e60c0aaa5f2fa095ec1e515b8d2902150f53793bb1151817651cad79232898ac3ce
SHA1 hash: 02ff397f92db25182d3833e1bcb4d0e5f1bfe780
MD5 hash: 0ff71aa91476a66c85d706e5e41b71c0
humanhash: texas-robert-foxtrot-india
File name:INV. 736392 Scan pdf.zip
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:422'741 bytes
First seen:2021-08-03 06:16:37 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:w37/tjJTJS61yrgHNBxffMZA6wbQ5aPDt55+ASKMlIkyTf039NgEhkByA3/iFCAK:EhjJTs61+gLuMoax7SDvwfKgEhIaJC
TLSH T1D19423052B1DBD72EB06C2DF4970EEDE51216C1F9D39CC6476A21F48B46B274EA0D14E
Reporter cocaman
Tags:SnakeKeylogger zip


Avatar
cocaman
Malicious email (T1566.001)
From: "tisch_13@yahoo.com" (likely spoofed)
Received: "from hosted-by.rootlayer.net (unknown [45.137.22.89]) "
Date: "3 Aug 2021 02:37:27 +0200"
Subject: "MEMO"
Attachment: "INV. 736392 Scan pdf.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_pdf.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/2a4814093b37fb55c02e229f94f3840ad5fde911026a0bfd7d7f64f64e23ae30
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2a4814093b37fb55c02e229f94f3840ad5fde911026a0bfd7d7f64f64e23ae30/
Threat name:
Win32.Trojan.Revcode
Create hunting rule
Status:
Malicious
First seen:
2021-08-03 06:17:06 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
11 of 46 (23.91%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fjebicj3g75vlqboekpzj44eblk732irajvax7l5p5spmtrdvyya._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/210803-xq2jmke9p6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2a4814093b37fb55c02e229f94f3840ad5fde911026a0bfd7d7f64f64e23ae30

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

zip 2a4814093b37fb55c02e229f94f3840ad5fde911026a0bfd7d7f64f64e23ae30

(this sample)

SnakeKeylogger

Executable exe 39eb8788c0b7e09435f77feeb01392f97d7178c0ca95db1e5d78f6739861da95

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 39eb8788c0b7e09435f77feeb01392f97d7178c0ca95db1e5d78f6739861da95

Comments