MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a1186ce4646dd247803187fb648871fd811299642e309a664062fbee228f47c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 5



SHA256 hash: 5a1186ce4646dd247803187fb648871fd811299642e309a664062fbee228f47c
SHA3-384 hash: ea2fbf91bbdfb9bea699dce76ae38e822b2ff343ffefa40573ce3a50466f009eb3582544620916d9c47bc6b10a91d96d
SHA1 hash: 22d6cd46214daca0299716c344841b0ef046596c
MD5 hash: 5db77935ce9780a33bd43ce208d02ab6
humanhash: wyoming-lion-leopard-pluto
File name: IDS_HC_8757465734.7z.zip
Signature: SnakeKeylogger
File size: 378'973 bytes
First seen: 2021-02-08 14:41:15 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:cDD8rNzXbP+MenoBbyOZaiRXoAxEm9Fl8HT8MCFyK/iXH2hWmmGidHMWFa8L3Q:cDwrNzneubyOZZ5oAxd+fAhkTGidrIF
TLSH: DC8423E8ABE716A457C09F2469685FCDDF5874F013EE372E626EC5823380525342CDBA
Reporter: abuse_ch
Tags: SnakeKeylogger zip


abuse_ch
Malspam distributing SnakeKeylogger:

HELO: ttdifoxltd.com
Sending IP: 45.90.222.60
From: Enrg Lai<info@ttdifoxltd.com>
Reply-To: moneylog@kenapan.com
Subject: Inquiry and Order#786564765
Attachment: IDS_HC_8757465734.7z.zip (contains "IDS_HC_87574657347.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 174
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.Pwsx
Status: Malicious
First seen: 2021-02-08 09:37:18 UTC
AV detection: 11 of 47 (23.40%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

zip 5a1186ce4646dd247803187fb648871fd811299642e309a664062fbee228f47c (this sample)

Dropping: SnakeKeylogger
Delivery method: Distributed via e-mail attachment
