MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3850c58a0aa303d1c821ede8b1aac20442c90a6c7d0e9595d69ea7e8cb51f778. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 7


Intelligence 7 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3850c58a0aa303d1c821ede8b1aac20442c90a6c7d0e9595d69ea7e8cb51f778
SHA3-384 hash: 9587683eed3e3683b560ca99a915cff1344d69911ab5873ad6018d425f0ef275cbb1786b206833c7dff38fb48d18c5e8
SHA1 hash: be7f21a04cf9003e70ecfdb72e21476ab6e05c8d
MD5 hash: 8d85a0e7aa8c5402559d44bc151b8a95
humanhash: helium-delaware-north-batman
File name:SWIFT COPY.pdf.z
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:530'503 bytes
First seen:2024-08-03 08:36:29 UTC
Last seen:2024-08-03 08:41:06 UTC
File type: z
MIME type:application/x-rar
ssdeep 12288:wzoYygdLytqACLCxQb12yWG3dgwv+K2lo5mEF/cyXQcYxeEK5:wzoYygNyUACLEQ0bGtJvFx5b6yAcYsEi
TLSH T1FFB43336F84B2D387AD5108A15B968FF4D3246E65B3A9A2723C53D1CD09B7D2D0F1CA8
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:payment SnakeKeylogger SWIFT z


Avatar
cocaman
Malicious email (T1566.001)
From: ""=?UTF-8?B?TWFpbCBDZW50ZXLihKIgwq4g?="<marketing@habibmetro.com>" (likely spoofed)
Received: "from hosted-by.rootlayer.net (unknown [185.222.58.229]) "
Date: "31 Jul 2024 08:01:22 +0200"
Subject: "None"
Attachment: "SWIFT COPY.pdf.z"

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:SWIFT COPY.exe
File size:581'632 bytes
SHA256 hash: ab4593816a20ff7503167fc8fac03e20ab1fd7479c8d26d23baaa12f5df7bbb2
MD5 hash: f3d7d1f323c2017dad9515791e702034
MIME type:application/x-dosexec
Signature SnakeKeylogger
Vendor Threat Intelligence
Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=66adec32037b02d0daed3f6f
Tags:
Discovery Execution Network Stealth Snakestealer
Gathering data
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/3850c58a0aa303d1c821ede8b1aac20442c90a6c7d0e9595d69ea7e8cb51f778
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3850c58a0aa303d1c821ede8b1aac20442c90a6c7d0e9595d69ea7e8cb51f778/
Threat name:
ByteCode-MSIL.Spyware.Snakekeylogger
Create hunting rule
Status:
Malicious
First seen:
2024-07-31 17:01:59 UTC
File Type:
Binary (Archive)
Extracted files:
16
AV detection:
22 of 38 (57.89%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hbimlcqkumb5dsbb5xuldkwcarbmsctmpuhjlfowt2t6rs2r654a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3850c58a0aa303d1c821ede8b1aac20442c90a6c7d0e9595d69ea7e8cb51f778

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

z 3850c58a0aa303d1c821ede8b1aac20442c90a6c7d0e9595d69ea7e8cb51f778

(this sample)

SnakeKeylogger

Executable exe ab4593816a20ff7503167fc8fac03e20ab1fd7479c8d26d23baaa12f5df7bbb2

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ab4593816a20ff7503167fc8fac03e20ab1fd7479c8d26d23baaa12f5df7bbb2
  
Dropping
SnakeKeylogger
  
Dropping
MD5 f3d7d1f323c2017dad9515791e702034

Comments