MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b3f2b8be92b3e83ef2897f15039e6efa0eb43fc39a3d7c58426049135d621f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4b3f2b8be92b3e83ef2897f15039e6efa0eb43fc39a3d7c58426049135d621f9
SHA3-384 hash: 0b36f5a28a70e91c5a5af02814a78c526d6293ea48112d5a39d98fec96d72cb4b7b326752ce89d9c4e987634f6fee300
SHA1 hash: 8c3ed4baa293c40b2a68a06edc6eb81a9d37816d
MD5 hash: bfd096fa8ca6543843b7b79e73b116f5
humanhash: papa-september-london-aspen
File name:FACTURA DE PROFORMA.z
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:434'520 bytes
First seen:2020-12-22 07:21:01 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:iXMqwMfYZW7QoZs8iIp2x8TX0OwdSCia8IAHID2kxRslvWOe31DrOOl5Sb1:HFMAZWkoJiIpbEObC38kOle/31DrOh
TLSH 61942304DEA2488A4427DE2B43314DA582D2F7E2A85AF0D84F87ED70F6488D6F447DF9
Reporter abuse_ch
Tags:z


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: hosted-by.rootlayer.net
Sending IP: 185.222.58.152
From: gpichardo@zegesa.com
Subject: FACTURA DE PROFORMA
Attachment: FACTURA DE PROFORMA.z (contains "FACTURA DE PROFORMA.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
288
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fn109.UNOFFICIAL
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4b3f2b8be92b3e83ef2897f15039e6efa0eb43fc39a3d7c58426049135d621f9/
Threat name:
Win32.Worm.AutoRun
Create hunting rule
Status:
Malicious
First seen:
2020-12-21 18:13:58 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jm7sxc7jfm7ih3zis7yvaopg56qowq74hgr5prmeeycjcnoweh4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4b3f2b8be92b3e83ef2897f15039e6efa0eb43fc39a3d7c58426049135d621f9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

zip 4b3f2b8be92b3e83ef2897f15039e6efa0eb43fc39a3d7c58426049135d621f9

(this sample)

SnakeKeylogger

Executable exe 5b5e1135c372c0af40d6b3089a5d756feecd42802305d1ec973db01f40713c38

  
Dropping
MD5 bc2cedb48fd37ac23017f7a19257cc0c
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5b5e1135c372c0af40d6b3089a5d756feecd42802305d1ec973db01f40713c38

Comments