MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e28b6299df599366eb78c788123ae3b33f78f51bf73e7ccfa747f6996e2be8b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 4



SHA256 hash: 4e28b6299df599366eb78c788123ae3b33f78f51bf73e7ccfa747f6996e2be8b
SHA3-384 hash: 743286666c7065f7338592baa624b23a344a4189c0ac6c7f29b4a0d8af4893dedb63bd26a368ffa7e969be7ca3dc0e13
SHA1 hash: 0904c0034e13f6bc6ae252822a1d91f28e07e151
MD5 hash: 21540719d7fc7d9a3372c740d2f53e4a
humanhash: emma-bravo-yellow-tango
File name: PURCHASE ORDER CONFIRMATION.7Z
Signature: SnakeKeylogger
File size: 14'988 bytes
First seen: 2021-02-23 07:20:54 UTC
Last seen: Never
File type: 7z
MIME type: application/x-rar
ssdeep: 192:sCdEiHcZdSgNtNo3iJc1ZohHEhSXtShwj/ot2As17giLQoROTV44V91IXTPvLv/5:jGgAFo3lLohLQzs1siMoiW4+jL/Qs7UU
TLSH: 3C62D0BD6E34B319A34A8A271116148BD53FB817641F83CC668F4DCDC8E67F16B9C249
Reporter: abuse_ch
Tags: 7z


abuse_ch
Malspam distributing unidentified malware:

HELO: synergytpl.com
Sending IP: 45.133.116.238
From: <info@synergytpl.com>
Subject: PURCHASE ITEMS
Attachment: PURCHASE ORDER CONFIRMATION.7Z (contains "PURCHASE ORDER CONFIRMATION.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Downloader.BaseLoader
Status: Malicious
First seen: 2021-02-23 07:21:13 UTC
AV detection: 17 of 47 (36.17%)
Threat level: 3/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

7z 4e28b6299df599366eb78c788123ae3b33f78f51bf73e7ccfa747f6996e2be8b (this sample)

Delivery method: Distributed via e-mail attachment
