MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d2d2e91a65256cdb4be4392764f8a714f870ff28101f4a8f98065c3c0b80839. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3d2d2e91a65256cdb4be4392764f8a714f870ff28101f4a8f98065c3c0b80839
SHA3-384 hash: 42519fb6ed8cc5ab55ce7569e8d62f5284e857ccc9cd17d89db06b4aadb8cd1b553c7e193dcae348fd2c1f3161ae3fb1
SHA1 hash: 6660b1532cc3f0fcc214bf8c408051e27686d9db
MD5 hash: 64bcf73bafca045a78783568799b5820
humanhash: saturn-bluebird-utah-music
File name:r4R45DX9FpWVhN6.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:876'544 bytes
First seen:2021-05-25 06:19:23 UTC
Last seen:2021-05-28 09:56:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep 12288:/9Dtgbjuh4gmdwSo3AjI+fP5f3qN0BAX6wa0qt8ziCtFuEZyYSDINi5EmyA:/YbebA/IUZ3qggxNqtGU/HDIGEmL
Threatray 33 similar samples on MalwareBazaar
TLSH 2015032F506AF222C168C27D06C4742BED90DFF76131AC15A8D73F985639E4C799E22E
Reporter abuse_ch
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
5
# of downloads :
104
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Snake
Create hunting rule
Link:
https://www.capesandbox.com/analysis/161640/
Detection(s):
SecuriteInfo.com.Trojan.MSIL.Dropper.IB.27023.27131.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/791908
Signature
.NET source code contains very large strings
Found malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected AntiVM3
Yara detected Beds Obfuscator
Yara detected Snake Keylogger
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3d2d2e91a65256cdb4be4392764f8a714f870ff28101f4a8f98065c3c0b80839/
Threat name:
ByteCode-MSIL.Trojan.Taskun
Create hunting rule
Status:
Malicious
First seen:
2021-05-25 01:43:03 UTC
File Type:
PE (.Net Exe)
Extracted files:
20
AV detection:
4 of 47 (8.51%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=huws5engkjlm3nf6iojhmt4kofhyod7sqea7jkhzqbs4hqfyba4q._file
Verdict:
unknown
Similar samples:
19848693581afe396fc1404f0da7df9fb1f46e6b9f0354188867ac890ec1bcb0
SnakeKeylogger
1c42bd094eeb6df10d17cb2fc16a7e167e38ee01d273f7c31ddf4775e015d59c
SnakeKeylogger
21437b52392e511f561988e79287444a65d5c78a251d2e54a92703be7fa5cf2f
SnakeKeylogger
419866e243e8c421e9ddaa512c0aaabb4454b57e684855d23576daa570a58957
SnakeKeylogger
6001be9c4cdedd1240a0388bf3939a460c03a4b70034369a385cf29f2e0258b1
SnakeKeylogger
6bb732e1c22295b2fa6970a286225d14bd7c6fabef714f9b20c3a622bb8e7645
SnakeKeylogger
9cb553dce1f526b4a7652dd79e40c83996c3fc3362a08bf5289b64f9fa70bb3e
SnakeKeylogger
9df937adf6a22c071b3d975135efa00bee0a9ad5fb22e6ef37c43dd79d90b030
SnakeKeylogger
a00a6fe53b7e8d3f5ab9d8b8ab2119c9d3fcbe2b41a1fad6b29ed37e493a2ba0
SnakeKeylogger
dd441c834ab08db376a48b44fd5da46477d869b363173b77b1f8bf03a09d8769
SnakeKeylogger
+ 23 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger keylogger spyware stealer
Link:
https://tria.ge/reports/210525-edawh2psba/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger Payload
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3d2d2e91a65256cdb4be4392764f8a714f870ff28101f4a8f98065c3c0b80839

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

Executable exe 3d2d2e91a65256cdb4be4392764f8a714f870ff28101f4a8f98065c3c0b80839

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/161640/

Comments