MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b853d182217e1145848fb617312acd68ba650e7fd18932a42dcf318fe656958. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 4



SHA256 hash: 3b853d182217e1145848fb617312acd68ba650e7fd18932a42dcf318fe656958
SHA3-384 hash: 2f53ba8f204ba652a81a5d3ecabcfec32d0124bdf0dfdb8ab98ebe42d4ff438c3101186fd41ab2f676fd18279e182368
SHA1 hash: 41e7349ba36587f72bf88248e685ef55e9ce9717
MD5 hash: 1a6f5a8bb52ff3c0be6f673979b1ce02
humanhash: hawaii-monkey-single-three
File name: Neue Bestellung_WJO-001, pdf.iso
Signature: SnakeKeylogger
File size: 800'768 bytes
First seen: 2021-02-25 10:21:47 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep 12288:noV+RtUZcuIYG0wRbH2HM2fYJE6ptGEZlyAKp:oV+RRuOV+M2wJR/lWp
TLSH 2205E14035BC42C3F5BE0AF2686AA52022B5789EA095D14F3A8DB7D927B3380455F77F
Reporter: abuse_ch
Tags: DEU geo iso SnakeKeylogger


abuse_ch
Malspam distributing SnakeKeylogger:

HELO: cloudhost-2248786.us-midwest-1.nxcli.net
Sending IP: 8.36.41.62
From: Christian Metternich <info@erexim.de>
Subject: Neue Bestellung_WJO-001
Attachment: Neue Bestellung_WJO-001, pdf.iso (contains "Neue Bestellung_WJO-001, pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 105
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Packed.Generic
Status: Suspicious
First seen: 2021-02-25 10:22:16 UTC
AV detection: 9 of 47 (19.15%)
Threat level: 1/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
SnakeKeylogger
iso 3b853d182217e1145848fb617312acd68ba650e7fd18932a42dcf318fe656958 (this sample)

Dropping: SnakeKeylogger
Delivery method: Distributed via e-mail attachment
