MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4384fb0eee134062de01af6ed892e517670f2cdd661dcf4e36142b76ed3015a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 6

SHA256 hash: 4384fb0eee134062de01af6ed892e517670f2cdd661dcf4e36142b76ed3015a6
SHA3-384 hash: 940cba183f9678efd6d88374a03deee676f223d370480a8820b7aa837f5152fc685dbf78220fec31ec1be14d80350136
SHA1 hash: da1818b9ae20c40be2438955c25f0cafa36e43e8
MD5 hash: a9a4dabdc1fcce8eaa2a2c99bfe98beb
humanhash: victor-oranges-india-bakerloo
File name: swift transfer_20-04-22.xlsx.001
Signature: SnakeKeylogger
File size: 12'429 bytes
First seen: 2022-05-04 15:33:53 UTC
Last seen: 2022-05-04 15:34:07 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 384:hOLTe2RAEdr6ID1qpRVAWgCUI2MMZCPARcIg:h6TvGO6II+LJcPARBg
TLSH: T10D42B0DBA395DA235E02EDD7C7ACE4D210256DB45B60CF0DF38B64E00898C76E1E4AE5
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
      38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter: cocaman
Tags: 001 payment rar SnakeKeylogger SWIFT
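As an added example (not part of the MalwareBazaar page or its tooling), the following Python script is the triage a practitioner would run on a downloaded copy of this sample: it recomputes the four digests listed above and compares them with the entry, identifies the container from its magic bytes rather than trusting the file name, and flags the ".xlsx.001" naming trick (".001" is the customary suffix of the first volume of a split archive, and TrID above reports the content as RAR v5.0). The magic-byte table and the split-volume convention are general facts about the formats, not something taken from this entry; the bytes used when the script is run without an argument are a constructed stand-in, not the real sample, so on them the structural checks succeed and every hash comparison is expected to come back False.

```python
"""Triage helper for a MalwareBazaar sample: hashes, real container type, lure name."""
import hashlib
import os
import re
import sys
from typing import Dict, List, Optional

# Digests this MalwareBazaar entry lists for swift transfer_20-04-22.xlsx.001
ENTRY_HASHES = {
    "sha256": "4384fb0eee134062de01af6ed892e517670f2cdd661dcf4e36142b76ed3015a6",
    "sha3_384": "940cba183f9678efd6d88374a03deee676f223d370480a8820b7aa837f5152fc685dbf78220fec31ec1be14d80350136",
    "sha1": "da1818b9ae20c40be2438955c25f0cafa36e43e8",
    "md5": "a9a4dabdc1fcce8eaa2a2c99bfe98beb",
}

# Leading magic bytes of archive formats. The RAR 5.x marker (which TrID
# reports for this sample) differs from the RAR 4.x marker in its tail bytes.
SIGNATURES = {
    b"Rar!\x1a\x07\x01\x00": "RAR 5.x archive",
    b"Rar!\x1a\x07\x00": "RAR 4.x archive",
    b"PK\x03\x04": "ZIP container (includes genuine .xlsx/.docx)",
    b"7z\xbc\xaf\x27\x1c": "7-Zip archive",
}

# Extensions a lure file name borrows to look like a document.
DOCUMENT_EXTS = {".xlsx", ".xls", ".docx", ".doc", ".pdf", ".csv"}
# Suffixes that mark one volume of a split archive (.001, .002, ... or .partN.rar).
VOLUME_RE = re.compile(r"\.(\d{3}|part\d+\.rar)$", re.IGNORECASE)


def digests(data: bytes) -> Dict[str, str]:
    """Compute the same four digests MalwareBazaar lists for a sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def verify_hashes(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Per algorithm, does the blob match the digest the entry publishes?"""
    actual = digests(data)
    return {algo: actual[algo] == value.lower() for algo, value in expected.items()}


def sniff_archive(data: bytes) -> Optional[str]:
    """Identify the container from its magic bytes, ignoring the file name."""
    for magic, label in SIGNATURES.items():
        if data.startswith(magic):
            return label
    return None


def deceptive_name(filename: str) -> List[str]:
    """Flag naming tricks that make an archive look like a document."""
    findings = []
    base = os.path.basename(filename)
    m = VOLUME_RE.search(base)
    if m:
        findings.append(f"split-archive volume suffix '{m.group(0)}'")
        base = base[: m.start()]  # inspect what is left once the suffix is gone
    exts = [f".{p}" for p in base.lower().split(".")[1:]]  # extension chain
    # A document extension is a lure when it is not the file's real, final extension.
    if (m and exts and exts[-1] in DOCUMENT_EXTS) or any(e in DOCUMENT_EXTS for e in exts[:-1]):
        findings.append(f"document extension used as a lure in '{base}'")
    return findings


def triage(filename: str, data: bytes, expected: Dict[str, str] = ENTRY_HASHES) -> dict:
    """Combine the three checks into one summary for the analyst."""
    return {
        "hash_match": verify_hashes(data, expected),
        "container": sniff_archive(data),
        "name_findings": deceptive_name(filename),
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a downloaded copy of the sample
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        name = sys.argv[1]
    else:
        # Constructed stand-in for an offline run: a RAR 5.x marker plus padding.
        # It is not the real sample, so every hash comparison is expected to be False.
        blob = b"Rar!\x1a\x07\x01\x00" + b"\x00" * 24
        name = "swift transfer_20-04-22.xlsx.001"
    for key, value in triage(name, blob).items():
        print(f"{key}: {value}")
```

Run it with the path of the downloaded sample as the only argument; a full set of True values under hash_match confirms you are holding the file this entry describes, and a container label that disagrees with the file name is exactly the signal the ".xlsx.001" lure is designed to hide from a casual recipient.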


cocaman
Malicious email (T1566.001)
From: "Akira Hiraiwa <ahiraiwa@seiho.com>" (likely spoofed)
Received: "from seiho.com (unknown [2.56.59.155]) "
Date: "04 May 2022 07:43:02 -0700"
Subject: "Proof of Payment"
Attachment: "swift transfer_20-04-22.xlsx.001"

Intelligence

File Origin
# of uploads: 2
# of downloads: 228
Origin country: n/a
Vendor Threat Intelligence

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: control.exe obfuscated packed

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Trojan.SnakeKeylogger
Status: Malicious
First seen: 2022-05-04 13:55:20 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 18 of 41 (43.90%)
Threat level: 5/5

Result
Malware family: snakekeylogger
Score: 10/10
Tags: family:snakekeylogger collection keylogger stealer
Behaviour:
  Delays execution with timeout.exe
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  outlook_office_path
  outlook_win_path
  Enumerates physical storage devices
  Suspicious use of SetThreadContext
  Accesses Microsoft Outlook profiles
  Looks up external IP address via web service
  Checks computer location settings
  Snake Keylogger
  Snake Keylogger Payload

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  SnakeKeylogger
    rar 4384fb0eee134062de01af6ed892e517670f2cdd661dcf4e36142b76ed3015a6 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: SnakeKeylogger

Comments