MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c7ccdeeee511c29d63d7de3ead25ecf888ed42d31e18c17aee0d16e4b041585. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 5



SHA256 hash: 4c7ccdeeee511c29d63d7de3ead25ecf888ed42d31e18c17aee0d16e4b041585
SHA3-384 hash: b77fe842cdc2fc435cea8e1a03f40df3cd0a0f92624ebf843309ce4883952387ef07f35e8a02db3ab2698086c9ad248c
SHA1 hash: 5a3cd7b6900ba6160bf732200a0d4d1bb39f345b
MD5 hash: e491a5de9cde53dfcf59499f542ee420
humanhash: network-tennis-purple-cup
File name: order for 0208-2020.zip
Signature: SnakeKeylogger
File size: 665'730 bytes
First seen: 2021-02-10 07:22:59 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:AVQoTkRJJgXCjNaoO8a4yUIN6DaJT1wWXSFLsX7AGULb:AVHi0XQXO1dU6LAWXYIXkn
TLSH: 7BE433C022C840E01B0BB17A0654D74B8E77B94E8677B4AE5F62AA86C3D5CC905DDDFE
Reporter: abuse_ch
Tags: SnakeKeylogger zip


abuse_ch
Malspam distributing SnakeKeylogger:

HELO: server.sardsgroup.com
Sending IP: 50.7.154.162
From: Ms. Elaine Sta. Ana <leonard@staminafamily.com>
Subject: Re-order for 0208-2021..
Attachment: order for 0208-2020.zip (contains "order for 0208-2020.scr")

Intelligence


File Origin
# of uploads: 1
# of downloads: 92
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Backdoor.NanoBot
Status: Malicious
First seen: 2021-02-10 07:23:11 UTC
AV detection: 20 of 28 (71.43%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

zip 4c7ccdeeee511c29d63d7de3ead25ecf888ed42d31e18c17aee0d16e4b041585 (this sample)

Dropping: SnakeKeylogger
Delivery method: Distributed via e-mail attachment
