MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e99167a7a136a15241f1e89ffcf223f09696b8f32df56d02b17d789ec150e1e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 2



SHA256 hash: 3e99167a7a136a15241f1e89ffcf223f09696b8f32df56d02b17d789ec150e1e
SHA3-384 hash: c71dff8ceaec9ab9add85d3f33eab1c64a6c5d528f8158c96171c1a0ef47fa95d5306abe4d8f022ad28c35836cf5c164
SHA1 hash: bb1716c033f958c2b453a950d05c17c09b4b0c12
MD5 hash: 0438dfb1ada915db75799f6ca06bcec2
humanhash: texas-maine-violet-minnesota
File name: DHL_FORM_00099271654_P.rar
Signature: SnakeKeylogger
File size: 675'671 bytes
First seen: 2021-02-15 06:50:42 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:W1s1ipBDk4q0XBDjBS6Qnpa7oqcVma+BMhdeb0FhzgDKn:AsipZu0RfBS6QnscVmaGUoqgDe
TLSH: EBE43314E693F96D8551BAC7163163A9288B5C2ED10FEED021F2BEC1C192BFAC13C759
Reporter: abuse_ch
Tags: DHL rar SnakeKeylogger


abuse_ch
Malspam distributing SnakeKeylogger:

HELO: centoswp.internew.gr
Sending IP: 185.78.221.121
From: (DHL Supply Chain) <Maria.Sisternas@dhl.com>
Reply-To: result.box2019@mail.com
Subject: ENTREGA DE DHL (NOTIFICACIÓN DE FALLO)
Attachment: DHL_FORM_00099271654_P.rar (contains "DHL_FORM_00099271654_P.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 106
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

rar 3e99167a7a136a15241f1e89ffcf223f09696b8f32df56d02b17d789ec150e1e

(this sample)

Dropping: SnakeKeylogger
Delivery method: Distributed via e-mail attachment
