MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 684b084150230e5c629a4c5e6f43f540cc207cfb4f0d20adcaaa60b100d796a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	684b084150230e5c629a4c5e6f43f540cc207cfb4f0d20adcaaa60b100d796a6
SHA3-384 hash:	baa6dfa4262692e52328659b131c4a1bf30ab3c66fa9cba90f190db96b648c234d68ce60aef498d361bf454dc3bfe427
SHA1 hash:	85ace292032545cbdb3398b4c6c85ad130d08bc1
MD5 hash:	acab4dcda1adc893181127e37ceb3783
humanhash:	football-kitten-one-green
File name:	SHIPPING DOCUMENTS.IMG
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	1'441'792 bytes
First seen:	2021-02-17 13:31:58 UTC
Last seen:	Never
File type:	img
MIME type:	application/x-iso9660-image
ssdeep	12288:PbyF6l3CgdOyrhbBSvpNX6VkbWLYLPnAHizOS8RgV1ZEmKMOhqfJo1mJxRHHE6mx:Pbxfb276z3CSSJSM8qfJYOW
TLSH	6265D0337391CE66C4695B798120E3F403F8DE12561BE24B786D3927BE72D874B19AC2
Reporter	abuse_ch
Tags:	DHL img SnakeKeylogger

abuse_ch

Malspam distributing SnakeKeylogger:

HELO: vm1-bio.netprotect.ro
Sending IP: 185.99.89.68
From: DHL EXPRESS (MK) <noreply@dhl.com>
Reply-To: result.box2019@mail.com
Subject: DB_DHL_AWB_00117390021 / AD
Attachment: SHIPPING DOCUMENTS.IMG (contains "SHIPPING DOCUMENTS.exe")