MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38a40add079a4dfbaf33406c9fb38ed051c98799a9f100444a291bbe2e483827. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 7


SHA256 hash: 38a40add079a4dfbaf33406c9fb38ed051c98799a9f100444a291bbe2e483827
SHA3-384 hash: 5c2895100799dd91ad33fc8c045571105c2378f7e3c542e2945c0b56579134a5adcc6d172d93bf3a88521d04e969f6c4
SHA1 hash: 9120f0b597f035d267ef7b8ead73a178612699e8
MD5 hash: 1e25aa999c0fa54f44e6f61f5ecabf90
humanhash: hydrogen-seven-nevada-salami
File name: proforma Invoice.pdf.z
Signature: SnakeKeylogger
File size: 944'068 bytes
First seen: 2023-06-07 11:21:18 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 24576:roZFSBkrAEWY53Yf9jfPML2AtKOWacbVXCi6:roiSH3Yf9j2tKOWacbwi6
TLSH: T1F51533E7700EE5AD43A09B2FDCA6217CF2135CAEBE4B98298FA4E715C5132257D74807
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
      38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter: cocaman
Tags: INVOICE SnakeKeylogger z


cocaman
Malicious email (T1566.001)
From: "Sarah Dmora <dmora@biolabintl.com>" (likely spoofed)
Received: "from biolabintl.com (unknown [109.237.98.164]) "
Date: "1 Jun 2023 21:24:46 -0700"
Subject: "Re: Proforma Invoice"
Attachment: "proforma Invoice.pdf.z"

Intelligence

File Origin
# of uploads: 1
# of downloads: 97
Origin country: CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: proforma Invoice.exe
File size: 1'026'048 bytes
SHA256 hash: 1174a36a1437a563b6d80ea0ace862adecdbd91817bee7e845cbaac144e02df6
MD5 hash: 519a4362bd2e58ed1dc658ea0b4c2b34
MIME type: application/x-dosexec
Signature: SnakeKeylogger
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: lolbin packed

Result
Verdict: MALICIOUS

Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2023-06-01 18:31:15 UTC
File Type: Binary (Archive)
Extracted files: 17
AV detection: 24 of 37 (64.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures
MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: pe_imphash
Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: SnakeKeylogger
  z 38a40add079a4dfbaf33406c9fb38ed051c98799a9f100444a291bbe2e483827 (this sample)
  Delivery method: Distributed via e-mail attachment
  Dropping: SnakeKeylogger

Comments