MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67b8a218875f60b1c0c9cbd52906f0ca108d825c7d466d77422dd9211251a8b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	67b8a218875f60b1c0c9cbd52906f0ca108d825c7d466d77422dd9211251a8b3
SHA3-384 hash:	8b1ff02177daa262cf13a2a6469e0893c6f42e659b574891970620ce23c20d87ec2637e4afd78a83581c9296c7c92783
SHA1 hash:	be17cea8e52913ce45b7363602ff81433acbe005
MD5 hash:	e603865909b88b563c23ddf682a4a09d
humanhash:	juliet-alanine-illinois-south
File name:	RFQ3469,pdf.exe
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	731'648 bytes
First seen:	2021-04-19 08:58:00 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	12288:iBJFzQJRz2qMYkybrwpqWomMilFnjlLcz3tTs0oRASgOLBLwwCzRRRRRgs2vR2B:sFezIYXGVMi4BsvA2NdWRRRRRh
Threatray	6 similar samples on MalwareBazaar
TLSH	97F4E0250FA40E5BEFAC09BD0892B0B253B7ED513251BBD64FD13DF03972618990B7A9
Reporter	cocaman
Tags:	exe SnakeKeylogger

Intelligence

File Origin

# of uploads :

1

# of downloads :

94

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

RFQ3469,pdf.exe

Verdict:

Malicious activity

Analysis date:

2021-04-19 09:01:08 UTC

Tags:

evasion trojan snakekeylogger keylogger

Link:

https://app.any.run/tasks/5fd76ddf-0505-4eef-b454-0ea92d33abcf

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Snake

Link:

https://www.capesandbox.com/analysis/138342/

Detection(s):

SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Snake Keylogger

Detection:

malicious

Classification:

troj.spyw.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/686483

Signature

Found malware configuration

Injects a PE file into a foreign processes

May check the online IP address of the machine

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file access)

Yara detected AntiVM3

Yara detected Beds Obfuscator

Yara detected Snake Keylogger

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/67b8a218875f60b1c0c9cbd52906f0ca108d825c7d466d77422dd9211251a8b3/

Gathering data

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=m64kegehl5qldqgjzpkssbxqziii3as4pvdg252cfxmscesrvczq._file

Verdict:

unknown

Similar samples:

17f2756ac7d189963fcd702e09d1a81f16da8e2b112cda50636521b81fbab0b5

4e3d69c6a349cb94e4ab760758d6fc26607a4ec8729814c858553d25ca9b84d2

679f1795caa441c8b37db048309ca99745c25090ecdba817ff607c9156c22019

6eb104ca239413e237453d2402f9ea38f0da0d57adba6e997b4a54d0f7632cf7

b26443f64ed9fe456b57bec40231489a6d7d35c5a40f7610f796c63061d574d9

e020e3dfac7560a591909a7f03724657e2037d1cb6cb9f6be27099e10951f5bf

Result

Malware family:

snakekeylogger

Score:

10/10

Tags:

family:snakekeylogger keylogger spyware stealer

Link:

https://tria.ge/reports/210419-m4sp23t9w2/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Looks up external IP address via web service

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Snake Keylogger

Snake Keylogger Payload

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/67b8a218875f60b1c0c9cbd52906f0ca108d825c7d466d77422dd9211251a8b3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

7z 1c7f3a2e122fb7bc063f2ac2569e0efc40cb692ca851951c7ad75459bf1ef946

exe 67b8a218875f60b1c0c9cbd52906f0ca108d825c7d466d77422dd9211251a8b3

(this sample)

Delivery method

Other

Dropped by

SHA256 1c7f3a2e122fb7bc063f2ac2569e0efc40cb692ca851951c7ad75459bf1ef946

Cape

Cape

https://www.capesandbox.com/analysis/138342/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample