MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b5ae330c1263b282d032e40602e846e908964c4ccd8605fb8a65971159a51b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger
Vendor detections: 6

SHA256 hash: 6b5ae330c1263b282d032e40602e846e908964c4ccd8605fb8a65971159a51b3
SHA3-384 hash: 96e0663df4dfb59b95cac7972a91d2e96af2a1932832e9edc5b2ead11fea1f710d556073bf73cab71652729d2afdfb3c
SHA1 hash: 3bcfe8f3d3db82d4a8ad51fbd41e43515e01f917
MD5 hash: 1e95296d32bdae680afc245dd62a54c0
humanhash: black-two-montana-hawaii
File name: Saudi aramco tender documents-BOQ and ITB.TAR
Signature: SnakeKeylogger
File size: 529'421 bytes
First seen: 2021-07-06 05:11:37 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:L076s7msTg0jogXIzjRxTDuCdl7+thd0+ecoajwmCpYn4UDcA:LoTm6gyoQIXTCCdl7gdleVcwm5Dr
TLSH: 4BB4236C4C81A466C27DC5813F6A6171785F6E3874FA68778683C03A328F39ED7E9185
Reporter: cocaman
Tags: rar SnakeKeylogger tar


cocaman
Malicious email (T1566.001)
From: "Bandar Al-Shammari <BANDAR.ALSHAMMARI.1@ARAMCO.COM>" (likely spoofed)
Received: "from ARAMCO.COM (unknown [77.247.110.207]) "
Date: "5 Jul 2021 10:37:41 +0200"
Subject: "FINAL REMINDER!!! Request for Tender for SAUDI ARAMCO - SAUDI ARABIAN REFINERY RENOVATION - Phase 2 Project"
Attachment: "Saudi aramco tender documents-BOQ and ITB.TAR"

Intelligence

File Origin
# of uploads: 1
# of downloads: 114
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Infostealer.Generic
Status: Suspicious
First seen: 2021-07-05 08:05:36 UTC
File Type: Binary (Archive)
Extracted files: 34
AV detection: 6 of 46 (13.04%)
Threat level: 5/5

Result
Malware family: snakekeylogger
Score: 10/10
Tags: family:snakekeylogger keylogger stealer
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Suspicious use of SetThreadContext
  Looks up external IP address via web service
  Snake Keylogger

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
SnakeKeylogger
rar 6b5ae330c1263b282d032e40602e846e908964c4ccd8605fb8a65971159a51b3 (this sample)

Delivery method: Distributed via e-mail attachment

Comments