MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6693235e62c0d7e14a841185bee306301a9d64fe007ffe9de8798f33fbf81689. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 10


Intelligence 10 IOCs YARA 8 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6693235e62c0d7e14a841185bee306301a9d64fe007ffe9de8798f33fbf81689
SHA3-384 hash: 02ea3137bbc103c047b1b3179495658790c1a59d0fc8e6bae6d84be7182116724c4355a073ed27395fbebe89ccbce53a
SHA1 hash: 4fa2deb2b1ae553845bc5b45ae5640aad464cb21
MD5 hash: 934e8ac2fdeef16454904dbfdae4f19a
humanhash: burger-delaware-alabama-pluto
File name:fopcsUpMj6lv84P.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:1'133'568 bytes
First seen:2021-07-28 05:47:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:wY3cPOps7WzYbV2UJNACmi/slfzZlgN1qiUieShTqaC7VP50y+SIGGhquQ/bMwhv:wY7LCm7McOsBgo0q4wMR8STGnEV9
Threatray 380 similar samples on MalwareBazaar
TLSH T17D356B747BFD3A0AF4BB577E1074C1B24574B466EA12C32D792272CA0A32399C25D72B
Reporter lowmal3
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
139
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
fopcsUpMj6lv84P.exe
Verdict:
Malicious activity
Analysis date:
2021-07-28 05:51:42 UTC
Tags:
evasion trojan snakekeylogger keylogger
Link:
https://app.any.run/tasks/821bd538-531f-47d6-958c-9ba232dd89b4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Snake
Create hunting rule
Link:
https://www.capesandbox.com/analysis/174578/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.953-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Snake Keylogger
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6363e464-6b66-43b5-9cde-d877487fbd43
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/822914
Signature
Found malware configuration
Injects a PE file into a foreign processes
Malicious sample detected (through community Yara rule)
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Yara detected Snake Keylogger
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
ByteCode-MSIL.Infostealer.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-07-28 03:12:11 UTC
AV detection:
5 of 46 (10.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=m2jsgxtcydl6csuecgc35yygganj2zh6ab775hpipghth67yc2eq._file
Verdict:
malicious
Similar samples:
21fdc7575a436316c0235f3240191d0e4773e8a54d1d088c76cfab7c705bb0fb
SnakeKeylogger
3de2043d5dc6aa1879f040d9c69e905424acabe29ac4162752bbf57f83ae58a6
SnakeKeylogger
48b0e86fec639744a4907f199f83fda003f53d6d705a6f767e6796ab9e67bdd4
SnakeKeylogger
578aa3607cb34fde024d099b916e61c0a767d952312a2e8c9276f3167a65ad14
SnakeKeylogger
69950e3903237ab9d6441a23af192268cf49da8e1034f77990833a60738090a6
SnakeKeylogger
b5e1daebfb2aa234328dc9776a1ecc77dd2726a7709c353c0265d8b1f4803f1c
SnakeKeylogger
b9acd58a25a9493713c0b5a3be62db4338de550aad1b23054d4be3de0c1b0c46
SnakeKeylogger
c4e1ba047b2fa0d07de6a124e882025489d5ff95e2a2cef31c4526199636f3cd
SnakeKeylogger
dc5458e66a8c76f55a5f490f5c9d12ea6e92a67c6ed74dbe40ca066a149d1659
SnakeKeylogger
e0c5194ec5dd17f0a5f77c156e99deafdee0c6e25b5c54c4bedc7bc5420f3a1d
SnakeKeylogger
+ 370 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger keylogger spyware stealer
Link:
https://tria.ge/reports/210728-bnw9nxzera/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
CustAttr .NET packer
Snake Keylogger
Unpacked files
SH256 hash:
8f859d62def90584fcf82aa51fef5e1f8e15a1a633e810b948b80b555c1fcef5
MD5 hash:
73aac395620748908036aacae892927c
SHA1 hash:
672141d9b2b4ebc5f29ce655517273b2b0338d2e
Link:
https://www.unpac.me/results/69a28cf2-e409-43de-9735-bfbe1a17ee42/
SH256 hash:
97d2fa1d01b2f9a2199896e05e0cf60c14a9f41ef2d72e15fbb862b7afa08438
MD5 hash:
68463851c0e6fe7a254c99fae763d454
SHA1 hash:
4587a5371d88c296a0184fe47ee0c5245b187127
Link:
https://www.unpac.me/results/69a28cf2-e409-43de-9735-bfbe1a17ee42/
SH256 hash:
76ecf5800099385a610e615f28859fff59d765f2490443f44d2643a08a8b43a5
MD5 hash:
c2fd61e61c3afd8b973d34e520adad89
SHA1 hash:
309a64394bc83b92ebf6ca1a62612977b8cf213d
Link:
https://www.unpac.me/results/69a28cf2-e409-43de-9735-bfbe1a17ee42/
SH256 hash:
386c3772bc48c9d479d93e6dd15ae0b82b7bc9bb5f29e523abff173f8e8d61de
MD5 hash:
9714f4eeb776790e26c260f1225a98e1
SHA1 hash:
17717a6319d5b953b551bc0768cad8457d2b001d
Link:
https://www.unpac.me/results/69a28cf2-e409-43de-9735-bfbe1a17ee42/
SH256 hash:
6693235e62c0d7e14a841185bee306301a9d64fe007ffe9de8798f33fbf81689
MD5 hash:
934e8ac2fdeef16454904dbfdae4f19a
SHA1 hash:
4fa2deb2b1ae553845bc5b45ae5640aad464cb21
Link:
https://www.unpac.me/results/69a28cf2-e409-43de-9735-bfbe1a17ee42/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.81
Link:
https://yomi.yoroi.company/submissions/6693235e62c0d7e14a841185bee306301a9d64fe007ffe9de8798f33fbf81689

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
Author:ditekSHen
Description:Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Rule name:INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Create hunting rule
Author:ditekSHen
Description:Detects executables referencing many email and collaboration clients. Observed in information stealers
Rule name:INDICATOR_SUSPICOIUS_EXE_DotNetProcHook
Create hunting rule
Author:ditekSHen
Description:Detects executables with potential process hoocking
Rule name:MALWARE_Win_SnakeKeylogger
Create hunting rule
Author:ditekSHen
Description:Detects Snake Keylogger
Rule name:MAL_Envrial_Jan18_1
Create hunting rule
Author:Florian Roth
Description:Detects Encrial credential stealer malware
Reference:https://twitter.com/malwrhunterteam/status/953313514629853184
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Telegram_Exfiltration_Via_Api
Create hunting rule
Author:lsepaolo

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

Executable exe 6693235e62c0d7e14a841185bee306301a9d64fe007ffe9de8798f33fbf81689

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/174578/

Comments