MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f71044e3ee48c7859de1be51b5f07d3e8038b7ba4803ff6150040d5b05b8ba0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 14


Intelligence 14 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4f71044e3ee48c7859de1be51b5f07d3e8038b7ba4803ff6150040d5b05b8ba0
SHA3-384 hash: 99e3f917943725a8c46f17b5a02f3cd066ae5aa4a2ae3a98bb60607253b1511b0f7154105acf65ecafb5cda64322dcdc
SHA1 hash: a86788c3a3fba0512b4b85a9bc75daa2cb4b7ec9
MD5 hash: ec7e648f87ecbc3e6b033a57f91ad9e3
humanhash: harry-utah-winner-equal
File name:2098765434567890098765.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:825'856 bytes
First seen:2021-10-27 16:27:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:XEQm/f4+sRz/ioI5rVPmA+ZHGYFUeMk1DqMS7CRz3JMhlak8w+BH7i2rUTZ:U/VsRzioI5RrYF/1OI3JtwkH7oZ
Threatray 1'531 similar samples on MalwareBazaar
TLSH T13005F004F6018676F968293544D37A64CE6CAC8158118EC52BBDB75F3FB72D48B0EACE
Reporter abuse_ch
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
195
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Snake
Create hunting rule
Link:
https://www.capesandbox.com/analysis/200651/
Detection(s):
SecuriteInfo.com.Variant.Kryptic.18.32483.10749.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching a process
Creating a file in the %temp% directory
Delayed writing of the file
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/61797ddb9a5a1e91c5d797ad/reports/03579335-be40-4fc3-8118-5ed6fb895bfb/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Snake Keylogger
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d893a839-6492-4b8e-b96a-9d750a96a19c
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/877942
Signature
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Contains functionality to capture screen (.Net source)
Found malware configuration
Malicious sample detected (through community Yara rule)
May check the online IP address of the machine
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Yara detected AntiVM3
Yara detected Snake Keylogger
Yara detected Telegram RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
snakekeylogger
Create hunting rule
Link:
https://mwdb.cert.pl/sample/4f71044e3ee48c7859de1be51b5f07d3e8038b7ba4803ff6150040d5b05b8ba0/
Threat name:
ByteCode-MSIL.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2021-10-27 16:27:10 UTC
AV detection:
13 of 26 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=j5yqitr64sghqwo6dpsrwxyh2puahc33usad75qvabanlmc3roqa._file
Verdict:
malicious
Similar samples:
071820da24f6b704ce6356e79ded9baad1acaa5e400fb8727c33bae6aa6f7a2f
SnakeKeylogger
080a67d131facb8ce1207b2f2ac65d336aa328903f88ed8498ca3c0090a95205
SnakeKeylogger
18ea5ebd8331a357b54d5ab5b08db0bce05f8c452cabca6ff56fa2264525de9f
SnakeKeylogger
5e0b5992735a58dbc2f661c5ced17c468d6c8a5c75373206e18438822ce13980
SnakeKeylogger
6970940c6f449a63ac5a04ad826be1f9236863ca76d040797bf2e8fbf89a6c3d
SnakeKeylogger
69e1e65f93b1939bf2677660efd59acec32e6f340134ea03f5c5abe17682c875
SnakeKeylogger
8072ca29a8527b0b1c1fa59ca07d85da4ce692ba73cc0471c73b47d08f839845
SnakeKeylogger
82fec44e43fc056ae43c3e9635f1ba3893b9b88f2a253fa08e7bd21f53b10303
SnakeKeylogger
834833adf2996b1c2846f36b48aea5ec0b71fd7f14e314baacd3755d27825197
SnakeKeylogger
fdd7d2255680c3ba9ca9ff8c01ded5d24557dfbc1b88608435ac7c1f003aed04
SnakeKeylogger
+ 1'521 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger collection keylogger spyware stealer
Link:
https://tria.ge/reports/211027-tx4beshcbq/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Unpacked files
SH256 hash:
29ffedfdc93484cfb84b182b8df081f0d84b935505071427157d1d11927c0479
MD5 hash:
79a9271071c7a1928b073edff2296d33
SHA1 hash:
ad6cb69cded2efa48235e64d58a79d94474ca9fc
Link:
https://www.unpac.me/results/fe8d20a5-59fb-402e-a74c-4ad5d874a38e/
SH256 hash:
e6e9a22646629e4b28daf7681c6ac104e3077e814335bcf3caca3cd8a2d6cd86
MD5 hash:
ee468eaa825c2818a073bf369cefd366
SHA1 hash:
5b3284165d8dc4b5ef3576d40fd0993ba3cf01db
Link:
https://www.unpac.me/results/fe8d20a5-59fb-402e-a74c-4ad5d874a38e/
SH256 hash:
4d1ee061c817ea30ca4e461a4f44388662c1c1c2775be2b323858ddbc1679b35
MD5 hash:
1b6d3d31872537cc611ff4322ffc1099
SHA1 hash:
0108adafb207ce044bfb3f7933da45594c545bee
Link:
https://www.unpac.me/results/fe8d20a5-59fb-402e-a74c-4ad5d874a38e/
SH256 hash:
4f71044e3ee48c7859de1be51b5f07d3e8038b7ba4803ff6150040d5b05b8ba0
MD5 hash:
ec7e648f87ecbc3e6b033a57f91ad9e3
SHA1 hash:
a86788c3a3fba0512b4b85a9bc75daa2cb4b7ec9
Link:
https://www.unpac.me/results/fe8d20a5-59fb-402e-a74c-4ad5d874a38e/
Malware family:
Phoenix
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/4f71044e3ee4/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/4f71044e3ee48c7859de1be51b5f07d3e8038b7ba4803ff6150040d5b05b8ba0

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

Executable exe 4f71044e3ee48c7859de1be51b5f07d3e8038b7ba4803ff6150040d5b05b8ba0

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/200651/

Comments