MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e6c3476a2b2e4820d28e83d0a6af82c90a6c62c26a7f629ffe3f687d8c2afc3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 5



SHA256 hash: 4e6c3476a2b2e4820d28e83d0a6af82c90a6c62c26a7f629ffe3f687d8c2afc3
SHA3-384 hash: aa3b38be02a817e70543050b2ae5a385d85983207413f8443f8eb46c6cfc2835491cf034a56e4e9bed2bba7409395d9b
SHA1 hash: f318556d776196031bcb98597cfc5c3917a514f7
MD5 hash: 3cc039cdbc10335cfe8e57c06f8f2e24
humanhash: black-fillet-mango-bulldog
File name: PI.rar
Signature: SnakeKeylogger
File size: 395'019 bytes
First seen: 2021-03-10 07:22:21 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:u1GNzx0MB5YJGqQt8DdER5Xw9ECp6Q7BUdQr+AAwUgcm0ljw5bGSTzwdEbjzMY4+:aGFuMBm/QxjQr+Tgx0ljwlXjjM1GB
TLSH: 50842368A7C7B482F1BC4DFBB99561D1808FBC6077E03C5A510BE07A72A7771722C296
Reporter: abuse_ch
Tags: rar, SnakeKeylogger


abuse_ch
Malspam distributing SnakeKeylogger:

HELO: technocratlabs.in
Sending IP: 202.164.32.98
From: SAUDI ARAMCO OIL AND GAS COMPANY <jms-taxation@connectzone.in>
Subject: Payment invoice
Attachment: PI.rar (contains "PI.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 103
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.Taskun
Status: Malicious
First seen: 2021-03-10 07:23:07 UTC
AV detection: 8 of 47 (17.02%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

rar 4e6c3476a2b2e4820d28e83d0a6af82c90a6c62c26a7f629ffe3f687d8c2afc3

(this sample)

  
Dropping: SnakeKeylogger
Delivery method: Distributed via e-mail attachment

Comments