MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 351a409e38b2205ffa709784c0d8fab0e28126ea7bf839fec9e5a7c207d254a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 351a409e38b2205ffa709784c0d8fab0e28126ea7bf839fec9e5a7c207d254a1
SHA3-384 hash: d444e82807d0b4a68a5ecff89a23f5ad7426ff50521e10706a986a7f5fd622fed50fe5b4b5eaf1192aed44f26be0e3ae
SHA1 hash: bfbfb49ebdf887d8c205428e53ce409e71580e60
MD5 hash: 167e8a8c2106759e7c54dfd07abaed7e
humanhash: alpha-snake-venus-jersey
File name:JD22 SEPT0 7 Shipping documents.r00
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:493'965 bytes
First seen:2022-09-30 08:20:13 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:pBFJmONvOiegwwkYdjEknQX1EzFV1j6d4DNL+7JEg3U9b:vVlVnk+Q1Ez9Fg3U9b
TLSH T1D7B42361C5FFB7825C0714FA0945285920E16930ABB231BF8DA70062E8FFCEF55A466F
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:r00 Shipping SnakeKeylogger


Avatar
cocaman
Malicious email (T1566.001)
From: "=?UTF-8?B?SmFxdWVsaW5lIE11w7FveiAtIERhY28gSGVhdnkgTGlmdA==?= <jaqueline.munoz@dacoheavylift.com>" (likely spoofed)
Received: "from dacoheavylift.com (unknown [185.222.58.232]) "
Date: "22 Sep 2022 03:29:42 +0200"
Subject: "RE: Re: Shipping documents JD22|| SEPT 07|| NESTLE NIC PRE-ALERT"
Attachment: "JD22 SEPT0 7 Shipping documents.r00"

Intelligence

File Origin
# of uploads :
1
# of downloads :
172
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/351a409e38b2205ffa709784c0d8fab0e28126ea7bf839fec9e5a7c207d254a1/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-09-21 18:26:25 UTC
File Type:
Binary (Archive)
Extracted files:
16
AV detection:
20 of 26 (76.92%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gunebhrywiqf76tqs6cmbwh2wdricjxkpp4dt7wj4wt4eb6sksqq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/351a409e38b2205ffa709784c0d8fab0e28126ea7bf839fec9e5a7c207d254a1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

r00 351a409e38b2205ffa709784c0d8fab0e28126ea7bf839fec9e5a7c207d254a1

(this sample)

SnakeKeylogger

Executable exe 75f6b5d75163f57877978d241e43df174b6d18bc4c3288a34787433461a063ca

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 75f6b5d75163f57877978d241e43df174b6d18bc4c3288a34787433461a063ca
  
Dropping
SnakeKeylogger

Comments