MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 424495898664421eb838f19433c9d446b5ac11e14945585f10b7f2436f4f2833. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 5



SHA256 hash: 424495898664421eb838f19433c9d446b5ac11e14945585f10b7f2436f4f2833
SHA3-384 hash: 1b09dbb635671e0ea83e08f08c3b36583b878b816554f03126711522099c2969cb510475cc45c784bb65a5f82a9008d5
SHA1 hash: 0e26c67b32c963f4bb6a3bf6c76a1e95a83deab8
MD5 hash: 922c2ea2932f2068a517b4648d9aae09
humanhash: one-mississippi-twelve-crazy
File name: TAY YOUNG 478535 _TVOP - Mio, pdf.cab
Signature: SnakeKeylogger
File size: 478'381 bytes
First seen: 2021-03-10 07:54:02 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:vtrlFU6LZiCuy6eMkqKkE6hQ+BI/zfeADbCvL8JKySg1:1rvLYCwkk2+BAeAajclSa
TLSH: 96A4236442047D43FAE18FC636CB203ED64598F96F18124A1492D932EFEDBE4688939F
Reporter: abuse_ch
Tags: cab CHN geo SnakeKeylogger


abuse_ch
Malspam distributing SnakeKeylogger:

HELO: mail.avs.dn.ua
Sending IP: 148.251.79.142
From: "劉英佐小姐" <sales@tayyoung.com.tw>
Subject: 訂購泰英 535 _TVOP - Mio
Attachment: TAY YOUNG 478535 _TVOP - Mio, pdf.cab (contains "TAY YOUNG 478535 _TVOP - Mio, pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 116
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Infostealer.Stelega
Status: Malicious
First seen: 2021-03-10 07:54:07 UTC
AV detection: 7 of 46 (15.22%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

rar 424495898664421eb838f19433c9d446b5ac11e14945585f10b7f2436f4f2833 (this sample)

Dropping: SnakeKeylogger
Delivery method: Distributed via e-mail attachment

Comments