MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 380e1428ab85247537de55c561c4ce21e08c6d3a119459bcad1ac0807d34b033. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 4



SHA256 hash: 380e1428ab85247537de55c561c4ce21e08c6d3a119459bcad1ac0807d34b033
SHA3-384 hash: cbe346834eb639033571852fd750868241a17fb1fb2d7b5490b03f236baf6da60df6d2e9dd1d129c329bfe07efce9fdc
SHA1 hash: bb945f944df794cacc890099d7b9d38cee70f879
MD5 hash: 16bdb21013f7a9dd160cdc3330899d45
humanhash: lake-diet-hawaii-eleven
File name: Shipping Documents and Conditions Certificate.gz
Signature: SnakeKeylogger
File size: 612'481 bytes
First seen: 2021-02-24 06:40:19 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:Rx0QM0uUzFjaV8yrBNrWhs3mHZHiTX+l7f5ASK/8Dph/:Rx0JOK84BNroVZHcCU8th/
TLSH: F4D423B892F107F3B025BAFB193F9753F51A1798522AE630CE75A06015DEE08EF4A744
Reporter: abuse_ch
Tags: DHL gz SnakeKeylogger


abuse_ch
Malspam distributing SnakeKeylogger:

HELO: df0.311.xvonq.ml
Sending IP: 206.189.220.52
From: DHL Express <support@dhl.com>
Subject: Consignment Notification: You Have A Package With Us
Attachment: Shipping Documents and Conditions Certificate.gz (contains "Shipping Documents and Conditions Certificate.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: SUSPICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-24 06:01:20 UTC
AV detection: 11 of 46 (23.91%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

gz 380e1428ab85247537de55c561c4ce21e08c6d3a119459bcad1ac0807d34b033 (this sample)

Dropping: SnakeKeylogger
Delivery method: Distributed via e-mail attachment

Comments