MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e2c188a5ba8707fd9f2e3ae56d75be09aa420f21fc852ec02c8d21274af5988. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 4



SHA256 hash: 5e2c188a5ba8707fd9f2e3ae56d75be09aa420f21fc852ec02c8d21274af5988
SHA3-384 hash: a9292919b978401ef8c8472c0a390d9d7c973d4190f1ac289705ebd84cd474f352580248d6bf5195ec5bed22b88fb992
SHA1 hash: 8aacfcb77c1720c6eaf54922d129f87fb1681734
MD5 hash: df1dfea2b370df1b5ebd3436b34d297f
humanhash: burger-helium-maryland-ack
File name: RFQ CSDOK202040890.rar
Signature: SnakeKeylogger
File size: 11'250 bytes
First seen: 2021-02-24 14:43:00 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 192:rfJD8zLn+L8KzL/ckxkvWz64znjG6k8yea9LZLR4rr4vFtUPkukkrsYJG1ffU:zZW+L7zL/7sWz64nGOyjNZLyr0vFokxC
TLSH: 5F32BF4E8096381B19E530D024EEE0CC0F459F9A367DFE12EE9BE67EB573000D805487
Reporter: abuse_ch
Tags: rar SnakeKeylogger


abuse_ch
Malspam distributing SnakeKeylogger:

HELO: server.sardsgroup.com
Sending IP: 50.7.154.162
From: OLA KHALIL <shahnawaz@x-smartgroup.com>
Reply-To: OLA KHALIL <shahnawaz@x-smartgroup.com>
Subject: Request for Quotation - Supply & Delivery of Items
Attachment: RFQ CSDOK202040890.rar (contains "RFQ CSDOK202040890.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: SUSPICIOUS
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Downloader.BaseLoader
Status: Malicious
First seen: 2021-02-24 14:43:06 UTC
AV detection: 10 of 29 (34.48%)
Threat level: 3/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

rar 5e2c188a5ba8707fd9f2e3ae56d75be09aa420f21fc852ec02c8d21274af5988 (this sample)

Dropping: SnakeKeylogger
Delivery method: Distributed via e-mail attachment
