MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 518278cdbf87c6e43a3d8949cd14671a97a8450021ee8562609988abef8df79e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 518278cdbf87c6e43a3d8949cd14671a97a8450021ee8562609988abef8df79e
SHA3-384 hash: c9e11c016d4f537f46416685a9dae1a9401a9911a6d36e7ef18d2d4bd3aa3fc121722305bf9c90e14deef683af4e5f6f
SHA1 hash: 72ee1f95abea42ccafad0757740512581b996e55
MD5 hash: 35d1dfede00cba54d90273491df9b05c
humanhash: london-india-gee-speaker
File name:INVITATION TO TENDER NO MAT 021 PJTS 021 FOR THE PROVISION OF SUPPLY Instrument Bulk Material exe.img
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:1'572'864 bytes
First seen:2021-07-07 04:55:16 UTC
Last seen:2021-07-07 05:00:07 UTC
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:8d+KKi6NsBSD/F08SxyeUDtZykcmWk+qF5JDxHKrQN4VA:8dNKi6NVYErjwSHmQN4
TLSH 6A755A7960F28BD1EDBFC73C2FA5750C2FE5A666D247EE786C9470890580B404A71A2F
Reporter cocaman
Tags:img SnakeKeylogger


Avatar
cocaman
Malicious email (T1566.001)
From: "Mohamed , Eldaly <m.eldaly@petrozenima.com.eg>" (likely spoofed)
Received: "from petrozenima.com.eg (unknown [77.247.110.77]) "
Date: "7 Jul 2021 01:53:58 +0200"
Subject: "INVITATION TO TENDER NO MAT. 021/PJTS/2021 FOR THE PROVISION OF SUPPLY Instrument Bulk Material"
Attachment: "INVITATION TO TENDER NO MAT 021 PJTS 021 FOR THE PROVISION OF SUPPLY Instrument Bulk Material exe.img"

Intelligence

File Origin
# of uploads :
4
# of downloads :
181
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Win32.Save.a.29972.10444.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/518278cdbf87c6e43a3d8949cd14671a97a8450021ee8562609988abef8df79e/
Threat name:
Win32.Trojan.Taskun
Create hunting rule
Status:
Malicious
First seen:
2021-07-06 23:52:32 UTC
File Type:
Binary (Archive)
Extracted files:
33
AV detection:
11 of 46 (23.91%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kgbhrtn7q7doior5rfe42fdhdkl2qriaehxikytatgekx34n66pa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/518278cdbf87c6e43a3d8949cd14671a97a8450021ee8562609988abef8df79e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

img 518278cdbf87c6e43a3d8949cd14671a97a8450021ee8562609988abef8df79e

(this sample)

SnakeKeylogger

Executable exe c0122aead3c5a7b1a3a8d5f5cd7dcafa2ea0966d08cd4480ee041f5dd8eae89d

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c0122aead3c5a7b1a3a8d5f5cd7dcafa2ea0966d08cd4480ee041f5dd8eae89d
  
Dropping
SnakeKeylogger

Comments