MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2dba858531f202616c3902f48afb710ec67dc2c53a6747c5073e44ac4582178f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 16


Intelligence 16 IOCs YARA 10 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2dba858531f202616c3902f48afb710ec67dc2c53a6747c5073e44ac4582178f
SHA3-384 hash: a7a314457d1bc0f7705754a949018dc8b52b16a8d916c2958cf75b62c4a16349f1820408a54b55316cb866f20ad8eb59
SHA1 hash: f7514a847c0f1b73449feae50ddeda030b34c682
MD5 hash: 516257bdbaf5dc222f54f5d6f6bfa153
humanhash: earth-pasta-india-missouri
File name:516257bdbaf5dc222f54f5d6f6bfa153.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:129'536 bytes
First seen:2022-11-12 07:35:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'612 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 1536:qp0H7isrKDzOfOpU3HXnEKD9nqNb/UWK7ioPtvWm8MBpiOWBh3F0Kcl:qp0HOsmHOfOpU3HXXWb8nTBzwBh3FbY
Threatray 4'863 similar samples on MalwareBazaar
TLSH T105C3061C7BFC8904E6FF8A7311715221C7B5E852092ADD5D5AC2F4582A7DA808E1BFE3
TrID 60.4% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.8% (.SCR) Windows screen saver (13097/50/3)
8.6% (.EXE) Win64 Executable (generic) (10523/12/4)
5.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter abuse_ch
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
160
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
516257bdbaf5dc222f54f5d6f6bfa153.exe
Verdict:
Malicious activity
Analysis date:
2022-11-12 07:37:42 UTC
Tags:
evasion trojan snake
Link:
https://app.any.run/tasks/f4ebe4d9-7394-452d-86a8-ae5310d7b58b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Snake
Create hunting rule
Link:
https://www.capesandbox.com/analysis/332817/
Detection(s):
Win.Malware.Snake-9953539-0
Create hunting rule

Win.Packed.Msilperseus-9956591-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
DNS request
Sending an HTTP GET request
Reading critical registry keys
Creating a window
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-vm cmd.exe evasive hacktool packed stealer stealer
Link:
https://www.filescan.io/uploads/636f4ce4651d1d5cca648d89/reports/319903c6-5532-4a0e-ba92-2379c2881a88/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Snake Keylogger
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/df1364f8-7fd2-45f9-bd60-95c1d0c6c36a
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1111736
Signature
.NET source code references suspicious native API functions
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Generic Downloader
Yara detected Snake Keylogger
Yara detected Telegram RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
404keylogger
Create hunting rule
Link:
https://mwdb.cert.pl/sample/2dba858531f202616c3902f48afb710ec67dc2c53a6747c5073e44ac4582178f/
Threat name:
ByteCode-MSIL.Infostealer.Mintluks
Create hunting rule
Status:
Malicious
First seen:
2022-11-08 14:21:48 UTC
File Type:
PE (.Net Exe)
Extracted files:
2
AV detection:
24 of 26 (92.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fw5ilbjr6ibgc3bzal2iv63rb3dh3qwfhjtuprihhzckyrmcc6hq._file
Verdict:
malicious
Similar samples:
0cc2e5b30e63a14392a667b12c238c794eba4d2e6bc8f581319baf1e0efe537b
SnakeKeylogger
406e9f07aa3bb42bcc51aab336b1a672de5abb220416451cdebc0916cbb45396
SnakeKeylogger
73493f393423de3502be624402e63b53216a91ec15cb5ab1357661a75c2ad29e
SnakeKeylogger
775bfe71cc319661eab3324221ff8f507df0f88dc7062133faa70c0e1969a69c
SnakeKeylogger
9b99bfeaca81fa2a9b5f525bd35d6f7f87866a65970f3fcde51085401e51e4d5
SnakeKeylogger
cc59aa1e7c1791f184e0725ba1e86bfe1d636761bd640aed519e1eb1c81161b1
SnakeKeylogger
d40f32f81438c0c6bad28f8b8b08ebb452871640a691cb879ea1a4220b452017
SnakeKeylogger
d85e746a22444825e6140beed538bf5ffd680b30c2458f68605a4b1efc58b591
SnakeKeylogger
e528e6f67fa76a1a9297544cdcbf8ccbe3e64bc20d919ec3753401fd0405ec5e
SnakeKeylogger
+ 4'853 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger collection keylogger spyware stealer
Link:
https://tria.ge/reports/221112-je8s3sec65/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
outlook_office_path
outlook_win_path
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger payload
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/9eb36788-d49f-41ce-b4b8-37c39e42cc01
Unpacked files
SH256 hash:
2dba858531f202616c3902f48afb710ec67dc2c53a6747c5073e44ac4582178f
MD5 hash:
516257bdbaf5dc222f54f5d6f6bfa153
SHA1 hash:
f7514a847c0f1b73449feae50ddeda030b34c682
Detections:
snake_keylogger
Create hunting rule
Link:
https://www.unpac.me/results/dbd5ec7c-47b4-465a-9a8c-c2461cffe3e1/
Parent samples :
8e4ee0ec7d1ac518e6f583d03c62b7d89978f2a0df7f5d1e50e709fe7a91a512
2dba858531f202616c3902f48afb710ec67dc2c53a6747c5073e44ac4582178f
37322ceee0b4960b4b769389b2029cb0c39ee32750e5e39e20dacb483bd8e0a5
Malware family:
SnakeKeylogger
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/2dba858531f2/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/2dba858531f202616c3902f48afb710ec67dc2c53a6747c5073e44ac4582178f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
Author:ditekSHen
Description:Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Rule name:INDICATOR_SUSPICIOUS_EXE_DotNetProcHook
Create hunting rule
Author:ditekSHen
Description:Detects executables with potential process hoocking
Rule name:INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:INDICATOR_SUSPICIOUS_EXE_TelegramChatBot
Create hunting rule
Author:ditekSHen
Description:Detects executables using Telegram Chat Bot
Rule name:MALWARE_Win_SnakeKeylogger
Create hunting rule
Author:ditekSHen
Description:Detects Snake Keylogger
Rule name:MAL_Envrial_Jan18_1
Create hunting rule
Author:Florian Roth
Description:Detects Encrial credential stealer malware
Reference:https://twitter.com/malwrhunterteam/status/953313514629853184
Rule name:MAL_Envrial_Jan18_1_RID2D8C
Create hunting rule
Author:Florian Roth
Description:Detects Encrial credential stealer malware
Reference:https://twitter.com/malwrhunterteam/status/953313514629853184
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Windows_Trojan_SnakeKeylogger_af3faa65
Create hunting rule
Author:Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/332817/

Comments