MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55c76cd025310d9609862f35b9631e570be8b9276725aeebf1535c400d648d6e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55c76cd025310d9609862f35b9631e570be8b9276725aeebf1535c400d648d6e
SHA3-384 hash: ba26e0524550ad6e6be25a15e11971145d2338c44b9372018a5d2ade4fbf060a7c161f49daad2385b8adf1a3b677e84d
SHA1 hash: b7f909488a0535abce1789d80c2a4a28f3d760e8
MD5 hash: e923509e0327aa72be27b19ab835059d
humanhash: october-apart-lion-don
File name:URGENT [HYUNDAI MOTOR CCPP] DC & UPS SYSTEM RFQ Issuance Cut-off date 2021-08-5.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:884'736 bytes
First seen:2021-04-22 06:17:41 UTC
Last seen:2021-04-22 07:19:23 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'659 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:UnDpgcoMZCZiZI6ojhUZLf2VxpGzicyumlX4kZTB4pWzRRRRR5qWKF:UGco39jhefexp2y5AERRRRR5qp
Threatray 312 similar samples on MalwareBazaar
TLSH 96158E41B2A9C8BBE41722F1D896E5F422917D45EA22912F359FBD1F75B334210A3F0B
Reporter TeamDreier
Tags:SnakeKeylogger

Intelligence

File Origin
# of uploads :
3
# of downloads :
122
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
URGENT [HYUNDAI MOTOR CCPP] DC & UPS SYSTEM RFQ Issuance Cut-off date 2021-08-5.exe
Verdict:
Malicious activity
Analysis date:
2021-04-22 06:25:45 UTC
Tags:
evasion trojan snakekeylogger keylogger
Link:
https://app.any.run/tasks/4946d24e-f088-4eb9-a308-2e234c7a699a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/143545/
Detection(s):
SecuriteInfo.com.W32.MSIL_Kryptik.DVA.genEldorado.3015.29486.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/692328
Signature
Found malware configuration
Machine Learning detection for sample
May check the online IP address of the machine
Tries to delay execution (extensive OutputDebugStringW loop)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Yara detected AntiVM3
Yara detected Beds Obfuscator
Yara detected MultiObfuscated
Yara detected Snake Keylogger
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/55c76cd025310d9609862f35b9631e570be8b9276725aeebf1535c400d648d6e/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-04-22 05:15:27 UTC
AV detection:
4 of 47 (8.51%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kxdwzubfgegzmcmgf423syy6k4f6rojhm4s2527rknoeadlervxa._file
Verdict:
suspicious
Similar samples:
1cfe7afeaffc535ddacf05082d4e1cfb0254869e234ff08b22af04974ebfd1a4
SnakeKeylogger
25b27bf77a7d59f3bdc13c4462475432d4f4592973bf5b2e4f8c42cda3d89457
SnakeKeylogger
704bd3f6c7d6671e896d71bc871f415cfc78209ae32cc518e95e39e7c06f83ad
SnakeKeylogger
aba011b5f83793cebc1cfb4a1ef3aecbba7a3ea766abb459363b2d8bb51f3866
SnakeKeylogger
abbc118eb1bf05f65a684916411d404bfb76e44bd498c9be15ba798561e9effd
SnakeKeylogger
bd299f37aa9e98b1f42640c6c588b65fb932abd4c3c4b7d258e37be327ae60a4
SnakeKeylogger
dacbe7aca7fdbfcae4a604018f5dc3e182709d5e8eb81a07a454ff376a6b9f25
SnakeKeylogger
ec66bb08e7be3e235c199b1f253e949fc4296b105b7046cca10ae732cf347873
SnakeKeylogger
f27dfa34490a595f8ad99b083d4b0e3147b183c651e41760b038339e441b8582
SnakeKeylogger
f3b2b42ef8cec0923c1775d70e26d43577f386e0080b5e3215f608dd33e75313
SnakeKeylogger
+ 302 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger keylogger spyware stealer
Link:
https://tria.ge/reports/210422-6mc1lq9va6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger Payload
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.51
Link:
https://yomi.yoroi.company/submissions/55c76cd025310d9609862f35b9631e570be8b9276725aeebf1535c400d648d6e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/143545/

Comments