MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60184bb727ef6cc3745e8eff1cbbdb5b9d1019d44dcf88c93648f9fb8898dd74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 60184bb727ef6cc3745e8eff1cbbdb5b9d1019d44dcf88c93648f9fb8898dd74
SHA3-384 hash: e4641e374be79b73d86d267e10043c2a8e55261c488ac19dc52beb75c65b6dd23fb28aa8945173a33f3269b1ffe0b10f
SHA1 hash: 176c795f181be13dbd4a84da5cb501d768a1d6e5
MD5 hash: 9b51299903680b54c81b87edcff9c6f6
humanhash: twenty-london-march-sierra
File name:SALES.Z
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:327'706 bytes
First seen:2021-02-02 07:47:20 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:XCLTAFkgDIGf1YmMugSyG0Lcv5IT1v3kmA39aolaSEv6pA/x52EdmKHa4doI:SLcFkgsGOmMNSyGuHVkmwRlapvKWgEf
TLSH 5264232A453D712B79B646A346FDB34024187DBFB187C2D13FCA0E9F384519EAD4A187
Reporter abuse_ch
Tags:z


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: hosted-by.rootlayer.net
Sending IP: 185.222.58.152
From: mastersealandlogistics2@gmail.com
Subject: Morning report February,02nd 2021
Attachment: SALES.Z (contains "SALES.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/60184bb727ef6cc3745e8eff1cbbdb5b9d1019d44dcf88c93648f9fb8898dd74/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-02-02 07:48:10 UTC
AV detection:
10 of 45 (22.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mamexnzh55wmg5c6r37rzo63looragoujxhyrsjwjd47xcey3v2a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/60184bb727ef6cc3745e8eff1cbbdb5b9d1019d44dcf88c93648f9fb8898dd74

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

zip 60184bb727ef6cc3745e8eff1cbbdb5b9d1019d44dcf88c93648f9fb8898dd74

(this sample)

SnakeKeylogger

Executable exe ee2d3399e07c48849e8df4415f583db278466f880353b26a5e66b03f99185af6

  
Dropping
MD5 848b7b08d9dd9db1bc3e27522354a643
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ee2d3399e07c48849e8df4415f583db278466f880353b26a5e66b03f99185af6

Comments