MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73274c30b42c79212b0c720024e7b2de9cc841e8010ad52736966626bde1ccf3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 4



SHA256 hash: 73274c30b42c79212b0c720024e7b2de9cc841e8010ad52736966626bde1ccf3
SHA3-384 hash: d670b3c40f18908b7778b7674f533791732813b0d910c7d9be867808421fbb110541b8abe6f714d8222a850f44b89c2c
SHA1 hash: 786692b7dc695ce62ae2386d704bafbd758d1629
MD5 hash: d2d3e562d8da3e91248b0d67ac3ddb25
humanhash: uranus-wyoming-alpha-march
File name: MT2001205-REX 5.25.pdf.gz
Signature: SnakeKeylogger
File size: 245'792 bytes
First seen: 2021-02-09 06:35:58 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:rhzMRh3l4sqacNU+UONSWOu8YLO3/DJrUZmgzFXx9+zWj8KY:rhAes+W+UhNYqvDJwZmghr+zWQ3
TLSH: 6C3423456F28436D91B010D2703E9B2614A2F24E89EE9EF843B8A8538E5FFE7451D53D
Reporter: abuse_ch
Tags: gz, SnakeKeylogger


abuse_ch
Malspam distributing SnakeKeylogger:

HELO: hosted-by.rootlayer.net
Sending IP: 45.137.22.107
From: LHE Mohsin Ali Malik <mohsin.ali@raaziq.com>
Subject: Transaction Alert
Attachment: MT2001205-REX 5.25.pdf.gz (contains "MT2001205-REX 5.25.pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 102
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Threat name: Win32.Trojan.Pwsx
Status: Malicious
First seen: 2021-02-09 06:36:16 UTC
AV detection: 11 of 47 (23.40%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

gz 73274c30b42c79212b0c720024e7b2de9cc841e8010ad52736966626bde1ccf3 (this sample)

Dropping: SnakeKeylogger
Delivery method: Distributed via e-mail attachment

Comments