MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4bdeea73bdcf4b542ff19ca8f9b5a7fe3ea1ec717bbcd9dc3356e0d66d778468. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4bdeea73bdcf4b542ff19ca8f9b5a7fe3ea1ec717bbcd9dc3356e0d66d778468
SHA3-384 hash: 010d460c18c17d5e9cdd84d53e2f6719f38abba33af00d95cdc72e60ce2e8c4c29b4067f3b85cd3a8415c7f770c454c5
SHA1 hash: 0557640e3c75ec744e5fb900e4f67cca31a1c60e
MD5 hash: d1386f9a7e1540d02d741b3f8e48eee8
humanhash: idaho-zulu-saturn-orange
File name:COAs-DOCUMENT.gz
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:264'778 bytes
First seen:2021-02-07 08:21:39 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:Q67ujrMy4wrrVCfOrr/rne98W6Bohv87tLWpLG36r0wwaZ4G/e9nkeeUAM:Q6u4y4qrr/r4p4ol85Dcw846e9k8r
TLSH 0244230F59319A2A50F66797C49FB6895154B784A0FCBA8C63C3F90D39D88F2F99F420
Reporter abuse_ch
Tags:gz


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: walmailout03.yourhostingaccount.com
Sending IP: 65.254.254.78
From: Commercial Manager <info@yatrasansarnepal.com>
Subject: Rasta pharmed - COAs of some products- Product list
Attachment: COAs-DOCUMENT.gz (contains "COAs-DOCUMENT.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
218
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.hc.5692.UNOFFICIAL
Create hunting rule

Result
Verdict:
SUSPICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4bdeea73bdcf4b542ff19ca8f9b5a7fe3ea1ec717bbcd9dc3356e0d66d778468/
Threat name:
ByteCode-MSIL.Trojan.SnakeKeylogger
Create hunting rule
Status:
Malicious
First seen:
2021-02-07 08:22:08 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jppou455z5fvil7rtsuptnnh7y7kd3drpo6ntxbtk3qnm3lxqrua._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4bdeea73bdcf4b542ff19ca8f9b5a7fe3ea1ec717bbcd9dc3356e0d66d778468

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

gz 4bdeea73bdcf4b542ff19ca8f9b5a7fe3ea1ec717bbcd9dc3356e0d66d778468

(this sample)

SnakeKeylogger

Executable exe 451ebce366a48d651915a71a9a8544844bbb6ce11356c565959472d35b6cea25

  
Dropping
MD5 de5451e8ba9d08a96b02c3f40eef94c8
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 451ebce366a48d651915a71a9a8544844bbb6ce11356c565959472d35b6cea25

Comments