MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 69e1e65f93b1939bf2677660efd59acec32e6f340134ea03f5c5abe17682c875. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 69e1e65f93b1939bf2677660efd59acec32e6f340134ea03f5c5abe17682c875
SHA3-384 hash: cd408f40c42b0bfb12eef9124e7c1ddb9f8fe8050049483fe895d984750bea4882f8ed228e03fbeaae132b56adae2684
SHA1 hash: 0a5bc9bc2882592880d2c12000915752809be1a0
MD5 hash: ce90a936120772c37c808b909a612a3c
humanhash: bulldog-victor-jig-diet
File name:023456789098765423456789.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:691'845 bytes
First seen:2021-09-21 19:11:33 UTC
Last seen:2021-09-21 20:09:29 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b76363e9cb88bf9390860da8e50999d2 (464 x Formbook, 184 x AgentTesla, 122 x SnakeKeylogger)
ssdeep 12288:JwwwwwwwewwwwwmQEv+ED+t1hpZeevdkr3/MNN4VvNRMXLxpkmk6JYC7:Jwwwwwwwewwwww3Ev+txZeosPMbeqLX/
Threatray 1'072 similar samples on MalwareBazaar
TLSH T1F4E4CFF32940ABE9D6923EB13479A5500D78BE33BADC31996B81B35C0F7642EB411D39
File icon (PE):PE icon
dhash icon d4e49ccce4d4ccd4 (1 x SnakeKeylogger)
Reporter abuse_ch
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
2
# of downloads :
285
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
023456789098765423456789.exe
Verdict:
Malicious activity
Analysis date:
2021-09-21 19:14:45 UTC
Tags:
evasion trojan snakekeylogger keylogger
Link:
https://app.any.run/tasks/fdec08dc-a547-4fab-84e4-3e0cd982d4ff

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/189961/
Detection(s):
SecuriteInfo.com.Trojan.NSISX.Spy.Gen.2.753.19296.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a9aae9aa-a7c0-4adf-83f3-e2e181ba9b85
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/855144
Signature
.NET source code references suspicious native API functions
Contains functionality to capture screen (.Net source)
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Writes to foreign memory regions
Yara detected Snake Keylogger
Yara detected Telegram RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/69e1e65f93b1939bf2677660efd59acec32e6f340134ea03f5c5abe17682c875/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2021-09-21 17:58:01 UTC
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nhq6mx4twgjzx4thozqo7vm2z3bs43zuae2oua7vywv6c5uczb2q._file
Verdict:
malicious
Similar samples:
04514f416ce1d3bb390895ce496d91b024c3bd94cc3cb71ab6de2bcdb384e83a
SnakeKeylogger
06d932e13bb45761a61ae724efb9a792ebbc7037064745013a947ad119d261af
SnakeKeylogger
080a67d131facb8ce1207b2f2ac65d336aa328903f88ed8498ca3c0090a95205
SnakeKeylogger
18ea5ebd8331a357b54d5ab5b08db0bce05f8c452cabca6ff56fa2264525de9f
SnakeKeylogger
28d365d0bf668ea41521237a106c5ad34b280ec1cbfc2b6a5d39ec82b72e3d2f
SnakeKeylogger
6970940c6f449a63ac5a04ad826be1f9236863ca76d040797bf2e8fbf89a6c3d
SnakeKeylogger
8072ca29a8527b0b1c1fa59ca07d85da4ce692ba73cc0471c73b47d08f839845
SnakeKeylogger
834833adf2996b1c2846f36b48aea5ec0b71fd7f14e314baacd3755d27825197
SnakeKeylogger
ca902120a48485659c09e272fcd1708054502f82d4fa85a229d62ab6452abc54
SnakeKeylogger
d0fef103952fc6153a48b9d529d96d2f76cf989855877a16cc5aae393e1e3e0d
SnakeKeylogger
+ 1'062 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/210921-xwhj4sacf7/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
Suspicious use of SetThreadContext
Drops desktop.ini file(s)
Looks up external IP address via web service
Loads dropped DLL
Unpacked files
SH256 hash:
f280d4be5d011aec50de5e977915916dada8adc71b58234ae240b2a0dccf84f4
MD5 hash:
7189ea467a204a6d47f9e623cb256115
SHA1 hash:
1a28b67d9cd1eac36276e3e5c06f667530175045
Link:
https://www.unpac.me/results/e75d9d32-5c8d-4ec4-8a27-8b22612a5f30/
SH256 hash:
24fb859a867fda6e0e6e7f7d19865d36896f5e41c86d1d6944ed9e6506859157
MD5 hash:
481a1ed911d461bc6471376803410d60
SHA1 hash:
ee4e484e503d156a6f552574c5f846ae6a630082
Link:
https://www.unpac.me/results/e75d9d32-5c8d-4ec4-8a27-8b22612a5f30/
SH256 hash:
69e1e65f93b1939bf2677660efd59acec32e6f340134ea03f5c5abe17682c875
MD5 hash:
ce90a936120772c37c808b909a612a3c
SHA1 hash:
0a5bc9bc2882592880d2c12000915752809be1a0
Link:
https://www.unpac.me/results/e75d9d32-5c8d-4ec4-8a27-8b22612a5f30/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/69e1e65f93b1939bf2677660efd59acec32e6f340134ea03f5c5abe17682c875

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

Executable exe 69e1e65f93b1939bf2677660efd59acec32e6f340134ea03f5c5abe17682c875

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/189961/

Comments