MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6970940c6f449a63ac5a04ad826be1f9236863ca76d040797bf2e8fbf89a6c3d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6970940c6f449a63ac5a04ad826be1f9236863ca76d040797bf2e8fbf89a6c3d
SHA3-384 hash: 927e626688faf194a2847b1b92ade52d040552c27d3fcd58ac25bb28af559cc655d94723804ca472dc1b298182153057
SHA1 hash: bce2ea42785d482bf250c6b581c263353425fd31
MD5 hash: 319666af1b4391a150ad3a6e854de163
humanhash: georgia-pennsylvania-louisiana-oven
File name:254345323-098765567-098770.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:521'475 bytes
First seen:2021-09-21 07:54:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b76363e9cb88bf9390860da8e50999d2 (464 x Formbook, 184 x AgentTesla, 122 x SnakeKeylogger)
ssdeep 6144:X8LxBY4nZPSQTjeUqJlG9r03cjEEdVdWo/fMgtJ2LQPk3nAiPiy0YIrjddazprjF:1WqUqJlk3PdWo9tILHAiiy0Yge9roE8e
Threatray 1'064 similar samples on MalwareBazaar
TLSH T135B423E3E6D0C8F3D2E78B75107E2E6563B5931B406EA50B43647E1A2C315DB8239DE2
File icon (PE):PE icon
dhash icon 4f07090d0d014f8c (47 x SnakeKeylogger, 17 x Formbook, 13 x AgentTesla)
Reporter abuse_ch
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
254345323-098765567-098770.exe
Verdict:
Malicious activity
Analysis date:
2021-09-21 07:55:00 UTC
Tags:
evasion trojan snakekeylogger keylogger
Link:
https://app.any.run/tasks/14e43e89-907d-4562-8270-77f78d11b98f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Snake
Create hunting rule
Link:
https://www.capesandbox.com/analysis/189684/
Malware family:
Snake Keylogger
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/293270c0-aa74-4ce3-ad0d-d5e353d1e786
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/854642
Signature
.NET source code references suspicious native API functions
Contains functionality to capture screen (.Net source)
Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Writes to foreign memory regions
Yara detected Snake Keylogger
Yara detected Telegram RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6970940c6f449a63ac5a04ad826be1f9236863ca76d040797bf2e8fbf89a6c3d/
Threat name:
Win32.Infostealer.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-09-21 02:41:33 UTC
AV detection:
8 of 45 (17.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nfyjiddpisnghlc2aswye27b7erwqy6ko3iea6l36lupx6e2nq6q._file
Verdict:
malicious
Similar samples:
04514f416ce1d3bb390895ce496d91b024c3bd94cc3cb71ab6de2bcdb384e83a
SnakeKeylogger
06d932e13bb45761a61ae724efb9a792ebbc7037064745013a947ad119d261af
SnakeKeylogger
080a67d131facb8ce1207b2f2ac65d336aa328903f88ed8498ca3c0090a95205
SnakeKeylogger
18ea5ebd8331a357b54d5ab5b08db0bce05f8c452cabca6ff56fa2264525de9f
SnakeKeylogger
28d365d0bf668ea41521237a106c5ad34b280ec1cbfc2b6a5d39ec82b72e3d2f
SnakeKeylogger
8072ca29a8527b0b1c1fa59ca07d85da4ce692ba73cc0471c73b47d08f839845
SnakeKeylogger
9cd3ef368ba18453043dc339a7666db5636655c58168ec64b59230be8635d741
SnakeKeylogger
a4b233fc40d4dc87b1b0083d75934909ec0fab27bc718a83428f679747128c1f
SnakeKeylogger
a883f34db93775194950d1e84662fd150b16e0a3f28a007f44eae8447a6bf93a
SnakeKeylogger
d0fef103952fc6153a48b9d529d96d2f76cf989855877a16cc5aae393e1e3e0d
SnakeKeylogger
+ 1'054 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/210921-jrkxsabdfj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
Suspicious use of SetThreadContext
Drops desktop.ini file(s)
Looks up external IP address via web service
Loads dropped DLL
Unpacked files
SH256 hash:
f280d4be5d011aec50de5e977915916dada8adc71b58234ae240b2a0dccf84f4
MD5 hash:
7189ea467a204a6d47f9e623cb256115
SHA1 hash:
1a28b67d9cd1eac36276e3e5c06f667530175045
Link:
https://www.unpac.me/results/6e32501f-fcb8-49d1-b0a8-7c46830dead7/
SH256 hash:
e20ec482ad8c2a39fdbde0337bcc9e1570ca5129adb914e7ae6ef4c36cf3972b
MD5 hash:
efc0809299a015cd7c7e6a8b172cbdea
SHA1 hash:
5cae9ddc0f40f82e80a0145bb5a950a11d0ffb4c
Link:
https://www.unpac.me/results/6e32501f-fcb8-49d1-b0a8-7c46830dead7/
SH256 hash:
6970940c6f449a63ac5a04ad826be1f9236863ca76d040797bf2e8fbf89a6c3d
MD5 hash:
319666af1b4391a150ad3a6e854de163
SHA1 hash:
bce2ea42785d482bf250c6b581c263353425fd31
Link:
https://www.unpac.me/results/6e32501f-fcb8-49d1-b0a8-7c46830dead7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6970940c6f449a63ac5a04ad826be1f9236863ca76d040797bf2e8fbf89a6c3d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

Executable exe 6970940c6f449a63ac5a04ad826be1f9236863ca76d040797bf2e8fbf89a6c3d

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/189684/

Comments