MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 346838cb6803df92a264b5f355b5a5f6de79dd3c6bb61b26187cd86df96d44ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	346838cb6803df92a264b5f355b5a5f6de79dd3c6bb61b26187cd86df96d44ac
SHA3-384 hash:	ae991fd60688c182f44d9812e2550bd00b1c4f114bb900ab5cd974422aa938383caec07f0d5141a8e000d073c6dad6ba
SHA1 hash:	7c0510feac969d8110b7eb9ad867fcd2db1f1360
MD5 hash:	16334d583f283283426deeae30d96926
humanhash:	michigan-diet-oranges-pasta
File name:	Medisave Order 180827.img
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	763'904 bytes
First seen:	2021-02-18 14:34:16 UTC
Last seen:	Never
File type:	img
MIME type:	application/x-iso9660-image
ssdeep	12288:ZiDH1gDKcFRdrZjtE4rByjrhw6ct8NCmdyfwasqipKO29c:0gDKcFRdrF240jW3tsdyRipKO29c
TLSH	52F4AE0AEF3444F4D60439357C1BAD398D1F6CE0A6E81BD6699EB17FABB1064E63C205
Reporter	abuse_ch
Tags:	img SnakeKeylogger

abuse_ch

Malspam distributing SnakeKeylogger:

HELO: ip-135-141.dataclub.info
Sending IP: 84.38.135.141
From: Medisave Orders <orders@medisave.co.uk>
Subject: Medisave Purchase Order 180827
Attachment: Medisave Order 180827.img (contains "Medisave Order 180827.exe")