MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51e91448262195fc27a84ba83391966cd2c4c74da94155f93204b4a95eab77bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 4



SHA256 hash: 51e91448262195fc27a84ba83391966cd2c4c74da94155f93204b4a95eab77bd
SHA3-384 hash: ce52e8bbd9e871209ea3184482a917f2a1c611da4e5b267ab51894610753288dfcb74030c556b02e0c1e5b308ce9831b
SHA1 hash: b2cb68eae5fa3f83cc294a2dca8a4391f8c45952
MD5 hash: 24c366e9c3fa27b639995f7ff9eb2dc6
humanhash: mike-don-table-berlin
File name: 00098787_Doc.r09
Signature: SnakeKeylogger
File size: 297'274 bytes
First seen: 2021-02-02 07:53:15 UTC
Last seen: Never
File type: r09
MIME type: application/x-rar
ssdeep: 6144:AnpuegLeRzU5/+FjOUgkYPuFoZ2YCrsM+/tobasrP64YpeN6/Ag:AnoegLeRz2qjKkTFoZ2YCrsTPsrC4Ypn
TLSH: 575423AAE931120A6095FA1757A3D6570A8FEF74437B11B2F3CC35AE786CB188605730
Reporter: abuse_ch
Tags: r09 SnakeKeylogger


abuse_ch
Malspam distributing SnakeKeylogger:

HELO: secureserver.digitaledgekenya.com
Sending IP: 148.251.164.94
From: Amy Gan <finance@multilinkindia.com>
Subject: Re: SOA
Attachment: 00098787_Doc.r09 (contains "00098787_Doc.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 115
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-02 07:54:13 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 13 of 45 (28.89%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

r09 51e91448262195fc27a84ba83391966cd2c4c74da94155f93204b4a95eab77bd (this sample)

Dropping: SnakeKeylogger
Delivery method: Distributed via e-mail attachment

Comments