MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6bf806027d2f8f05fb8853ed04d4c79448fc3d7084ce649f194af6b5886d13bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 4



SHA256 hash: 6bf806027d2f8f05fb8853ed04d4c79448fc3d7084ce649f194af6b5886d13bf
SHA3-384 hash: ca5224562cae79d742519a15baa62b07296ade8548928d4624646be7091c29510bd9992208e1a0f2bf5898af22b9c27a
SHA1 hash: fda56e8d4dea12f2a49c75f6aae32a3d090d3819
MD5 hash: 813c554ca96946a8391a6f87dba6f3cb
humanhash: freddie-foxtrot-fix-happy
File name: LR0194_20_BR01_I.P.Manufacturing 002.xz
Signature: SnakeKeylogger
File size: 519'389 bytes
First seen: 2021-02-17 13:29:11 UTC
Last seen: Never
File type: xz
MIME type: application/x-rar
ssdeep: 12288:TRSmfWsa9LrzmFQ8IjfavUZzO5Cr693+PB+:TbWZHmmBj6D196B+
TLSH: 7DB423E3060F068C793741D9EEA9E7B98052A915729C363367E4BAFE65023C3B5D17E0
Reporter: abuse_ch
Tags: SnakeKeylogger xz


abuse_ch
Malspam distributing SnakeKeylogger:

HELO: oasismachine.com
Sending IP: 45.88.3.78
From: Purchasing Department <james.freeman@oasismachine.com>
Subject: V-ZUG: PO on demand 4000270283-B60
Attachment: LR0194_20_BR01_I.P.Manufacturing 002.xz (contains "LR0194_20_BR01_I.P.Manufacturing (002).cmd")

Intelligence


File Origin
# of uploads: 1
# of downloads: 100
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Infostealer.Stelega
Status: Malicious
First seen: 2021-02-17 13:19:40 UTC
AV detection: 11 of 47 (23.40%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

xz 6bf806027d2f8f05fb8853ed04d4c79448fc3d7084ce649f194af6b5886d13bf (this sample)

Dropping: SnakeKeylogger
Delivery method: Distributed via e-mail attachment
