MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7210a6a5908d8262688ea2f60930f7be1c5336130962e47f5fa5359d3ba27769. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7210a6a5908d8262688ea2f60930f7be1c5336130962e47f5fa5359d3ba27769
SHA3-384 hash: cfdce895b4a6f0f8e974124504e22abda6f1720b27b12d5d4638e7fdfe928f9bae09179c38598728a2e7e85414fc40f3
SHA1 hash: 50d698c491c750ecd58da0594758c56997807330
MD5 hash: 0d9068783fd5d800a6f542cd2766d63e
humanhash: nineteen-seven-nevada-stream
File name:QPI-0145.img
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:1'703'936 bytes
First seen:2021-01-06 06:37:25 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:Y1+Iqh7x7CjuDOnwVQNOL2zwslX3jVh96:Y1EhO2OnNoCVh4
TLSH 69757B06D644CBD4FC60B1FB0245BB02D324EC96569D4B876779BBEDA2B26D23D4F208
Reporter abuse_ch
Tags:img SnakeKeylogger


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mo4-p07-ob.smtp.rzone.de
Sending IP: 85.215.255.115
From: Nguyen Trong Trinh (Mr.) <info@valevla.com>
Reply-To: info@valevla.com
Subject: Re: CARGO SHIPPING REQUEST
Attachment: QPI-0145.img (contains "QPI-01458.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
180
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7210a6a5908d8262688ea2f60930f7be1c5336130962e47f5fa5359d3ba27769/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-06 06:38:07 UTC
AV detection:
4 of 46 (8.70%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=oiiknjmqrwbge2eoul3asmhxxyofgnqtbfroi727uu2z2o5co5uq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/7210a6a5908d8262688ea2f60930f7be1c5336130962e47f5fa5359d3ba27769

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

img 7210a6a5908d8262688ea2f60930f7be1c5336130962e47f5fa5359d3ba27769

(this sample)

SnakeKeylogger

Executable exe f2475f5a4b0adee960b88ced8bdf3d8ab9a852fc084cecbaf9ba539bc27a4517

  
Dropping
MD5 b1cfe83f0e3723e48024fe568e3f34f7
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f2475f5a4b0adee960b88ced8bdf3d8ab9a852fc084cecbaf9ba539bc27a4517

Comments