MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75ce7e84cc5c6682354ceb8edc7f0b77be3ecdda500d1b0178accd0c6158f980. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 14


Intelligence 14 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 75ce7e84cc5c6682354ceb8edc7f0b77be3ecdda500d1b0178accd0c6158f980
SHA3-384 hash: a58b41a96ff4c19617a438a7f45b05a17b44e04c717603e62898c29256d3bf1ef803906017f0c926015b8e0b2bd9ee3a
SHA1 hash: 5e920054df2005df19221972cc6d4249149714a2
MD5 hash: bba0750b7d82474195fd5a53bb4f4b43
humanhash: double-seventeen-spaghetti-golf
File name:Specification Accommodation Work Boats.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:1'002'496 bytes
First seen:2022-09-21 19:24:43 UTC
Last seen:2022-09-23 05:26:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 12288:feDTqg+UIR2EtBvKT71vN5rAcTQqA/qYyqyaXOov7rRw2uYWN0auwg:fID+5KH5wcTpo5+07dw2uYW0aut
Threatray 4'238 similar samples on MalwareBazaar
TLSH T1B0259C1067EA8E03E2B967B5C4D0D47097B5AD02D06AC38F2FC55CDFB252BD69A80367
TrID 72.5% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.4% (.EXE) Win64 Executable (generic) (10523/12/4)
6.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.4% (.EXE) Win32 Executable (generic) (4505/5/1)
2.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 74d298b898b0f8b4 (11 x AgentTesla, 11 x SnakeKeylogger, 9 x Formbook)
Reporter James_inthe_box
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
2
# of downloads :
320
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Specification Accommodation Work Boats.exe
Verdict:
Malicious activity
Analysis date:
2022-09-21 19:25:10 UTC
Tags:
evasion trojan snake keylogger
Link:
https://app.any.run/tasks/6d9d4f9a-94de-45a5-ac50-19e0a1cd3ce1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/312119/
Detection(s):
SecuriteInfo.com.Win32.PWSX-gen.6660.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
80%
Tags:
anti-vm packed
Link:
https://www.filescan.io/uploads/632b65a86aa625318dcd18f3/reports/baa34980-eb30-436b-a537-b72b6b24dfef/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Snake Keylogger
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/87aac84a-d03b-4f75-ae5d-737d94891a1d
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1074844
Signature
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Yara detected AntiVM3
Yara detected Generic Downloader
Yara detected Snake Keylogger
Yara detected Telegram RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/75ce7e84cc5c6682354ceb8edc7f0b77be3ecdda500d1b0178accd0c6158f980/
Threat name:
ByteCode-MSIL.Trojan.SnakeKeylogger
Create hunting rule
Status:
Malicious
First seen:
2022-09-21 09:02:56 UTC
File Type:
PE (.Net Exe)
Extracted files:
27
AV detection:
21 of 25 (84.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=oxhh5bgmlrtienkm5ohny7ylo67d5to2kagrwalyvtgqyyky7gaa._file
Verdict:
malicious
Similar samples:
075d1ac0887f0028c537e2b45c1d1686d26e18464792ca65b374a4ac82261d93
SnakeKeylogger
158eb8ce0ff9c64f21622db564612ad494dd26f85ffca36664dd10f8d5aac2c5
SnakeKeylogger
48712214c8917adabb23b1d7f215db81e7431d4143ae9c3f773ec43c1e8f2aba
SnakeKeylogger
6fccc54b1735e68508ccfdad83f18a26226257c153b714d8cff7d0cffe905423
SnakeKeylogger
accc171460a87b3ec4934c65261884592cc54ee58433665590663604b045f39f
SnakeKeylogger
e081465f75b5fc1a981ad522ad595642d28c19df648d26c2694f6d09d8035872
SnakeKeylogger
f99578c5197a92ba74cdeb977f96e4338fd6fadf547ddd1a3dcbaccd85d91236
SnakeKeylogger
fd3ad1ad1650875cef812f9574d44d0c2542eb6cc7fe8006d27234ac18ac2c48
SnakeKeylogger
+ 4'228 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger collection keylogger spyware stealer
Link:
https://tria.ge/reports/220921-x4yajaghh4/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger payload
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/43d06dfd-d526-4e63-8e81-2a3f0c1554f4
Unpacked files
SH256 hash:
161903f7d5633a0cdc5d416c229e1af16ad3f5a6d11dbe8d500aa9151a273f62
MD5 hash:
b460e7cd67e88a80f0b65f65d28b1c4c
SHA1 hash:
fef017687483cf2b5b9d5f8061b6f0645fdcf779
Link:
https://www.unpac.me/results/12441243-d140-481d-893e-06597dd08a89/
SH256 hash:
8aae68b6ba9c7e359957761f1b5a564672c5b2c6474e0630a887c4ace9fd3515
MD5 hash:
4db0e1375fe29d99253a870e07fa2454
SHA1 hash:
86ec79e28346589759ab646743f815374f7d933b
Link:
https://www.unpac.me/results/12441243-d140-481d-893e-06597dd08a89/
SH256 hash:
2470b39032f6182252039c88199016566b0de30c6aa02163a143427afedd12af
MD5 hash:
c3a1924684ca30ed22234ce1d9111dfc
SHA1 hash:
7347706241422758c06440fd6044ae4e042b456b
Link:
https://www.unpac.me/results/12441243-d140-481d-893e-06597dd08a89/
SH256 hash:
c6fcfc133394ea2b393411f6fc2ac2241276e694a51ba1eb7c0d8596498dc08d
MD5 hash:
50048ea57cd7befede0556f3927c0429
SHA1 hash:
173d060afe14918946ba6869b0c8b365dafd6380
Link:
https://www.unpac.me/results/12441243-d140-481d-893e-06597dd08a89/
SH256 hash:
a982a4482046d38498bc2d0fbfc2e04773539872821a50d48355c3219e4ecc4b
MD5 hash:
3441a96d16d24c04cb1cfa4cb3473607
SHA1 hash:
08009c8dea9118670b41df3f43dc3872c87fe98d
Detections:
snake_keylogger
Create hunting rule
Link:
https://www.unpac.me/results/12441243-d140-481d-893e-06597dd08a89/
Parent samples :
9e99feb370661801fc9d86d724ecf3586353fd7f389f020111367d739673d3ff
760fb3792679c7fec49a37dd132d7fe007ac2be5639aec0d8f3aa5574aa40b0e
b0306fe7e4473bc993cb5cca599a38712c12ec90bd4296c450b0a79a9077a3eb
80e8b701fd11b9e2f3736d0fc1a385d2075675e2cbdd3821ae24501722820898
75ce7e84cc5c6682354ceb8edc7f0b77be3ecdda500d1b0178accd0c6158f980
44e798b75739e6fdededf5b7ff28cae9f7affa32c47e2ee447e7a81ee6e7e266
e4a84a2b70e197eb91c303201e597e097011cce846ee55f6dcfd50688c2e96f3
f2b78e759ea577cba8ce76cf8fb591abd0f54c7ce8ff7cc43c5442f2021921f6
SH256 hash:
75ce7e84cc5c6682354ceb8edc7f0b77be3ecdda500d1b0178accd0c6158f980
MD5 hash:
bba0750b7d82474195fd5a53bb4f4b43
SHA1 hash:
5e920054df2005df19221972cc6d4249149714a2
Link:
https://www.unpac.me/results/12441243-d140-481d-893e-06597dd08a89/
Malware family:
SnakeKeylogger
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/75ce7e84cc5c/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/75ce7e84cc5c6682354ceb8edc7f0b77be3ecdda500d1b0178accd0c6158f980

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/312119/

Comments