MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36a74820b84a806779c2602bc5c3eb1f5b6a8cd034da4503e6357f47715e6c68. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 36a74820b84a806779c2602bc5c3eb1f5b6a8cd034da4503e6357f47715e6c68
SHA3-384 hash: ea2265bdaa70bbfe3fe1c372c5409ae318c71f056348b2d8fb85adc179c1742e31c4d7b624ec4a975f42b152d7e840a3
SHA1 hash: d023015163a5bfee45152bba91eb1eaa61bc5005
MD5 hash: 5d110855c044df27aacfd8c66cdcf2c0
humanhash: vermont-alanine-sierra-saturn
File name:Payment slip & Invoices.zip
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:356'443 bytes
First seen:2022-01-13 10:32:38 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:e8TV9pV7EqbPIJoKBdf1BHLlyrnu7F1Jok36mEi0uhu7NSE5xjkvdPCaZ:fE2PIJoKntBZyrnu7F1Ckq1iH2XjqdPd
TLSH T16574238B691778A730ABAB35511D4E8E8C4EE0F51E0236E852B4A745DFFD76E1030E36
Reporter cocaman
Tags:INVOICE SnakeKeylogger zip


Avatar
cocaman
Malicious email (T1566.001)
From: "Ranjeni (Accounts Department) <Account@fvmbavxo.bar>" (likely spoofed)
Received: "from hp0.fvmbavxo.bar (unknown [104.248.206.135]) "
Date: "13 Jan 2022 11:01:31 +0100"
Subject: "FW: PAYMENT ADVICE"
Attachment: "Payment slip & Invoices.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
247
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs435.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe obfuscated packed
Link:
https://www.filescan.io/uploads/61dfffe0e997359713e57916/reports/3bac4674-f7ff-4968-ac9f-ee8591735661/overview
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/36a74820b84a806779c2602bc5c3eb1f5b6a8cd034da4503e6357f47715e6c68/
Threat name:
ByteCode-MSIL.Trojan.SnakeKeylogger
Create hunting rule
Status:
Malicious
First seen:
2022-01-13 10:33:09 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
17 of 41 (41.46%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=g2tuqifyjkago6ocmav4lq7ld5nwvdgqgtneka7ggv7uo4k6nrua._file
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger collection evasion keylogger spyware stealer
Link:
https://tria.ge/reports/220113-mlkllshecm/
Behaviour
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Snake Keylogger
Snake Keylogger Payload
Malware Config
C2 Extraction:
https://api.telegram.org/bot1620445910:AAF2v81NoINJsu_XXnpGet1YDm-NxnznaIE/sendMessage?chat_id=1063661839
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/36a74820b84a806779c2602bc5c3eb1f5b6a8cd034da4503e6357f47715e6c68

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

zip 36a74820b84a806779c2602bc5c3eb1f5b6a8cd034da4503e6357f47715e6c68

(this sample)

SnakeKeylogger

Executable exe 0061607aee4d9ba9256a994ba445144beeb9077a57921ee73522d6e3144d09bc

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0061607aee4d9ba9256a994ba445144beeb9077a57921ee73522d6e3144d09bc

Comments