MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f95569c940d1453f41bed1baa263c77a9fd82754de4117bde986be9a56c4f59. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2f95569c940d1453f41bed1baa263c77a9fd82754de4117bde986be9a56c4f59
SHA3-384 hash: fdd81138afe7374fb504028c0227fd7136febb76f7316df43a341442613ff390e4f4f49afc581e86dd90a736a012046b
SHA1 hash: bcde214f2b789f95cc0b942ed4e754c66df38492
MD5 hash: 677582af5bcaf733dbab97f73c7a9a58
humanhash: pennsylvania-thirteen-hydrogen-bulldog
File name:Payment.zip
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:695'045 bytes
First seen:2021-02-25 09:53:26 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:Vs5cAqwwqbI2PSUA10ERlTCr8cMU16CfkjgUzJGM1hhFPFof89Y9V2wtIIKOCg5:VcqPy6ZhCr8S1DkjZJGMJFNoqwIIKO95
TLSH 48E4234B1EB508E8ED0E673B25FB61F829D67E2FE1F7508BC174820B4F164296710796
Reporter abuse_ch
Tags:SnakeKeylogger zip


Avatar
abuse_ch
Malspam distributing SnakeKeylogger:

HELO: mail03.yeg.alentus.net
Sending IP: 208.123.210.91
From: maverick@vbizz.com
Subject: Confirm Payment
Attachment: Payment.zip (contains "Payment.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.21669.ZipHeur.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2f95569c940d1453f41bed1baa263c77a9fd82754de4117bde986be9a56c4f59/
Threat name:
ByteCode-MSIL.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2021-02-25 09:54:07 UTC
AV detection:
20 of 47 (42.55%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=f6kvnheubukfh5a35un2ujr4o6u73atvjxsbc666tbv6tjlmj5mq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

zip 2f95569c940d1453f41bed1baa263c77a9fd82754de4117bde986be9a56c4f59

(this sample)

SnakeKeylogger

Executable exe a095c691a509873aae63969bd42ddcbfad25a03b71d56329966df693a5604320

  
Dropping
MD5 0c326165e9bcdfa3c85fca61eb5d9ea6
  
Dropping
SnakeKeylogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a095c691a509873aae63969bd42ddcbfad25a03b71d56329966df693a5604320

Comments