MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50b4aec831a717654b19c4130dd0187354d47a932e8f7b1878f931132223a1ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 50b4aec831a717654b19c4130dd0187354d47a932e8f7b1878f931132223a1ef
SHA3-384 hash: f80727794c339859bf965ba21fac9355bd6c5b37ab8b9fa7fa8d274527aa8134c69f1453b833f4576374372df4225b24
SHA1 hash: 8f5955d284167aecd197209ac9b1c7ad0b38b61a
MD5 hash: cf31402edf98c720b4f0e282fe569f8a
humanhash: iowa-diet-papa-vermont
File name:DHL EXPRESS.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:513'536 bytes
First seen:2020-12-22 07:05:11 UTC
Last seen:2020-12-22 08:46:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6268f04e234d87c0f6d247f77774934b (3 x SnakeKeylogger, 1 x Formbook)
ssdeep 12288:GCCA1LYtW8LW0AytAmC96NoKWljCuoX3VxuhKXLcIOzwphl7Qps4:GfULwrFAyt9N7KjvoX3buhCLczzShliV
Threatray 128 similar samples on MalwareBazaar
TLSH F6B423620E038FBBEF46187665BAF632E687D9A1C7664161DB4074EF23620D1D1EF188
Reporter abuse_ch
Tags:DHL exe SnakeKeylogger


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: vps.a1terainfra.com
Sending IP: 45.85.90.118
From: DHL EXPRESS <office@a1terainfra.com>
Subject: FWD:DHL EXPRESS
Attachment: DHL EXPRESS.zip (contains "DHL EXPRESS.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
301
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
DHL EXPRESS.exe
Verdict:
Suspicious activity
Analysis date:
2020-12-22 07:21:25 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7d722f71-505a-460c-8da5-3807942c7775

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Snake
Create hunting rule
Link:
https://www.capesandbox.com/analysis/108826/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader36.29908.8527.21054.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Gathering data
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/567936
Signature
Machine Learning detection for sample
Maps a DLL or memory area into another process
May check the online IP address of the machine
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Snake Keylogger
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/50b4aec831a717654b19c4130dd0187354d47a932e8f7b1878f931132223a1ef/
Threat name:
Win32.Trojan.Zusy
Create hunting rule
Status:
Malicious
First seen:
2020-12-22 07:06:07 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kc2k5sbru4lwksyzyqjq3uayonkni6utf2hxwgdy7eyrgirduhxq._file
Verdict:
unknown
Similar samples:
086d2a6e11da6e37ab46eb8d75c2eeb3d4aa825001be71e1e109b4578e5a321c
SnakeKeylogger
2d5d89747431e9003471e77e757e6c2d3310cbcac7451c1bb8389d0744543e6f
SnakeKeylogger
2f28bd2f3a4cc60e79d788f54365946926716720bc1c636ea5284bb02b952613
SnakeKeylogger
3a5e1d92c2a4710a204067099bbcf530fb132e2dc5bca24158d32b96cca6c683
SnakeKeylogger
5c03cc9cabc0adbcdb1597650f9fc5dd5c3b338a0e8558887a02fbb3be8c34c4
SnakeKeylogger
7b7f6b3a38933a9d06d6315b89df48c695b7ee7e35725649572a4abd17c3496c
SnakeKeylogger
9634cf79c1254f6eb68967cc89267c50513f9df930c15bdcc77bbd1fa1b5add6
SnakeKeylogger
dff521eb1bc7abe5eb779280c5d17c95310be7352ce5927c2173bf1d91a6ca97
SnakeKeylogger
e59d9d9ca9e0c7dddea9a94f0dab0ae137b6a762999bade26db35b1ca35e1f72
SnakeKeylogger
ee8e9b7393b01e6f46b1540fde42f6faa87dee2b3104b5e809b3c0219f91a5c8
SnakeKeylogger
+ 118 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware
Link:
https://tria.ge/reports/201222-3zmf5r4362/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
50b4aec831a717654b19c4130dd0187354d47a932e8f7b1878f931132223a1ef
MD5 hash:
cf31402edf98c720b4f0e282fe569f8a
SHA1 hash:
8f5955d284167aecd197209ac9b1c7ad0b38b61a
Link:
https://www.unpac.me/results/27da27a1-ece0-4bb3-bd7e-8b78d0bd5ee6/
SH256 hash:
b5b0a023be13ac02a0c93e47d12a6a65f871689d8f17c213599f2747c1949748
MD5 hash:
0255d4e30e7b7376f4c9ec76c15fc5d0
SHA1 hash:
461520675145dec03f49a2efe031b79509b22a18
Link:
https://www.unpac.me/results/27da27a1-ece0-4bb3-bd7e-8b78d0bd5ee6/
SH256 hash:
1c9cd6ed62d3fc526e2ba03767e5a7540545dbf1179a03f4132427f3aed41703
MD5 hash:
01fc855c61cca5c4912e034395b82f1a
SHA1 hash:
86b2cb2c9fdab44304f1066440e77869f78c7b28
Link:
https://www.unpac.me/results/27da27a1-ece0-4bb3-bd7e-8b78d0bd5ee6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.78
Link:
https://yomi.yoroi.company/submissions/50b4aec831a717654b19c4130dd0187354d47a932e8f7b1878f931132223a1ef

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

zip 161aa34f1cbe568e1c6bfa1f8c43b9514a223a8d681a0215f339f061be4c0b42

SnakeKeylogger

Executable exe 50b4aec831a717654b19c4130dd0187354d47a932e8f7b1878f931132223a1ef

(this sample)

  
Dropped by
MD5 4dbf0f30a7170a1fec11212791e6df7e
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 161aa34f1cbe568e1c6bfa1f8c43b9514a223a8d681a0215f339f061be4c0b42
Cape
Cape
https://www.capesandbox.com/analysis/108826/

Comments