MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 532c2cb74502b36f9736531da143c0e3bdad6bfe8c5baa0d48738f75ad9847ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 4



SHA256 hash: 532c2cb74502b36f9736531da143c0e3bdad6bfe8c5baa0d48738f75ad9847ea
SHA3-384 hash: 39860e248efa3c0e4b854d67f2c7556f4e678a8ec5becf9aa4e2e9bb86ac61d54e84224c72c28dc87138bf7e2d05948f
SHA1 hash: 42175be9bf7875944692d201142680157b6db128
MD5 hash: 4c43b3857a040e77c2eca8db993d0aab
humanhash: magazine-cup-william-happy
File name: 0009752202_OUTSTANDING_20210129,PDF.gz
Signature: SnakeKeylogger
File size: 327'420 bytes
First seen: 2021-02-01 08:12:07 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:aHg1jbDX8yvtZ5GZDQmt1ywYm/7HjVyCoghSw+4FgKDw76bWpJq9WZWp:aHg9bDMKZ5gD7ywYC7jVyCoghSwXiMwS
TLSH: 5564239D247900E59B7141CF33796B4BCE52602287BA7657A2B5021620ECD0F6CB3F9F
Reporter: abuse_ch
Tags: gz


abuse_ch
Malspam distributing unidentified malware:

HELO: phu.phuketdigital.com
Sending IP: 162.214.66.51
From: K-eDocument <tradefinance@kasikornbank.com>
Subject: DETAIL OUTSTANDING REPORT from KBank (ACCOUNT UPDATE)[053055819]
Attachment: 0009752202_OUTSTANDING_20210129,PDF.gz (contains "0009752202_OUTSTANDING_20210129,PDF.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-02-01 08:12:14 UTC
AV detection: 9 of 46 (19.57%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

gz 532c2cb74502b36f9736531da143c0e3bdad6bfe8c5baa0d48738f75ad9847ea

(this sample)

  
Delivery method: Distributed via e-mail attachment
