MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b14443c61bc3b07ef04963ce7b7d32f39a0bab1c160b633c90735e18bb9983b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 15


SHA256 hash: 3b14443c61bc3b07ef04963ce7b7d32f39a0bab1c160b633c90735e18bb9983b
SHA3-384 hash: f373fe417ec9abd6b4346b61a72bc8f04219b6f42a9888fe4ed0fe6c220a5406cb89921c9b00b26d663a15ea800dfd6b
SHA1 hash: 48acb6c7dcb4236df532237dcff8668a42c449ae
MD5 hash: d6c183e4da547bbe6fc5703b047732dc
humanhash: queen-victor-queen-minnesota
File name: SecuriteInfo.com.Win32.PWSX-gen.11726.23332
Signature: SnakeKeylogger
File size: 808'448 bytes
First seen: 2024-02-06 09:23:15 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep: 12288:jL+1YA2ZhLs49yJyppWk1ZF/eymbhFR+bovkD9c3h:3c2DLNqgnHX2+849cx
Threatray: 5'912 similar samples on MalwareBazaar
TLSH: T10C05CEF982066519C43536B8C7B353DD27BD1EEBBC02CA1A84E875B4247E3803659F9E
TrID: 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
      10.2% (.EXE) Win64 Executable (generic) (10523/12/4)
      6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
      2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter: SecuriteInfoCom
Tags: exe SnakeKeylogger

Intelligence


File Origin
# of uploads: 1
# of downloads: 297
Origin country: FR
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Snake Keylogger
Verdict: Malicious
Result
Threat name: Snake Keylogger
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Allocates memory in foreign processes
Found malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses dynamic DNS services
Uses known network protocols on non-standard ports
Writes to foreign memory regions
Yara detected Generic Downloader
Yara detected Snake Keylogger
Threat name: ByteCode-MSIL.Trojan.Remcos
Status: Malicious
First seen: 2024-02-06 07:54:17 UTC
File Type: PE (.Net Exe)
Extracted files: 8
AV detection: 17 of 24 (70.83%)
Threat level: 5/5
Result
Malware family: snakekeylogger
Score: 10/10
Tags: family:snakekeylogger collection keylogger stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Snake Keylogger
Snake Keylogger payload
Unpacked files
SHA256 hash: cc669d46b728a86dcc8d91e952e7ff4520786568c8f9666aa9d375f4c4ef0045
MD5 hash: 515b025c2c8cf3e8658680b7b6913a28
SHA1 hash: af18a023a5fd22da6d9eb4298a95501068855233
Detections: snake_keylogger win_404keylogger_g1 MAL_Envrial_Jan18_1 MALWARE_Win_SnakeKeylogger INDICATOR_SUSPICIOUS_Binary_References_Browsers INDICATOR_SUSPICIOUS_EXE_DotNetProcHook INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
SHA256 hash: b12806cfc459d707518ce982849166ca99e95df5e05d4bc7bde7d3f4942cfe0e
MD5 hash: 7c59960bd60eda6f3da4824d1dd30e5e
SHA1 hash: ab771360df8926364dee0758a6fb6814576fd03e
SHA256 hash: 2239119c7c307626633c4cb45ec492ffb16c503beb801a7e7e369af2cec6e026
MD5 hash: c04163d2c374096a27eaf2b002d326fa
SHA1 hash: 763961bf480c02b8c558ecaf6ad387a81b7d5a4b
SHA256 hash: a3b82e2d17f660c450ba4dae95a26b906f12626462a4bb9a6c2833071dd9faf5
MD5 hash: cf3241f04cc546fa617566e84b5c1793
SHA1 hash: 0b9cbe0c45fba268857e11ad4d71105193c19d02
SHA256 hash: 3b14443c61bc3b07ef04963ce7b7d32f39a0bab1c160b633c90735e18bb9983b
MD5 hash: d6c183e4da547bbe6fc5703b047732dc
SHA1 hash: 48acb6c7dcb4236df532237dcff8668a42c449ae
Malware family: SnakeKeylogger
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments