MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77922c4a501aecfc8e78b5fcaa7c2ac1e97c70abc5f955407e7c72d918ce43f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 77922c4a501aecfc8e78b5fcaa7c2ac1e97c70abc5f955407e7c72d918ce43f2
SHA3-384 hash: 67d93e31493f3dc2c4584b950884d23766acc80f70ece6ad88607d291612c586106af607af4de56bd0c0e647fa7c84f4
SHA1 hash: a70c4c8feab1a30e434b88f41b1e69250f784674
MD5 hash: d9bf0b0621210fac4f9aa84f318a9268
humanhash: tango-mango-island-solar
File name:Shipping Document PL&BL Draft.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:1'225'216 bytes
First seen:2021-02-23 07:21:43 UTC
Last seen:2021-02-23 08:45:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:L94aAmTt39JQ3Krcrlhiz6021uysy9EueNndHxQ8wvV9fVJz6dkJd:L9ymcKrcBgp2IyL49CVzHz62
Threatray 59 similar samples on MalwareBazaar
TLSH 5945C012B7629BE9C8666E3F890B4048C3F49D632471F28B7CDE35D12521F0ADB6D927
Reporter abuse_ch
Tags:exe SnakeKeylogger TNT


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: server.bebranded.com.au
Sending IP: 70.32.25.208
From: TNT Express INC <service@tnt.com>
Subject: Consignment Notification: You Have A Package With Us
Attachment: Shipping Document PLBL Draft.xz (contains "Shipping Document PL&BL Draft.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
116
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/118504/
Detection(s):
SecuriteInfo.com.Win32.17587.32242.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file
Sending an HTTP GET request
Reading critical registry keys
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/614977
Signature
Found malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected Beds Obfuscator
Yara detected MultiObfuscated
Yara detected Snake Keylogger
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/77922c4a501aecfc8e78b5fcaa7c2ac1e97c70abc5f955407e7c72d918ce43f2/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-02-23 01:57:40 UTC
AV detection:
6 of 47 (12.77%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=o6jcyssqdlwpzdtywx6ku7bkyhuxy4flyx4vkqd6prznsggoipza._file
Verdict:
unknown
Similar samples:
199f078e93520f83664c2d903bd419fcd1919988b86ef2d36d2f77523dae56dd
SnakeKeylogger
4158eda852ee2f9ccbeceed05ff97af35dac101ed395f622ba41d93ef2ddfedc
SnakeKeylogger
8956cef2ded0f77c7f61c06c800e8d2a7cb26539da78dbfad307ec143e1eee3b
SnakeKeylogger
8a5b53a6e1f5a39007cf25fc8a13838b345123546ca8d0360859a70179ff358e
SnakeKeylogger
9dde30eea4bc51f6561d857ecb624f09e3257c3a015ff49a8f22f206fcab45c1
SnakeKeylogger
b5a2fbfeb80e2e92039a23615df8b8f63f42d1331528f514b312d4946dc22607
SnakeKeylogger
bf84393caee9b769b516681ec8998afe26c22255c405ea9a027608ccf38ea36b
SnakeKeylogger
cfe1f69c2984de3f5d476db3ce45aa4d95a8137f0ff1ba07c1b0cecf15075c93
SnakeKeylogger
df9b8b0093bdcff2dc73e2da55ea3c94cc90febcf05c4bb4edde266b3f376a55
SnakeKeylogger
f12df428fa830292897aabb6f73c5ecf96e855e278c3320e21e45629c84bf9ef
SnakeKeylogger
+ 49 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger keylogger spyware stealer
Link:
https://tria.ge/reports/210223-qaltmh6s4x/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger Payload
Unpacked files
SH256 hash:
77922c4a501aecfc8e78b5fcaa7c2ac1e97c70abc5f955407e7c72d918ce43f2
MD5 hash:
d9bf0b0621210fac4f9aa84f318a9268
SHA1 hash:
a70c4c8feab1a30e434b88f41b1e69250f784674
Link:
https://www.unpac.me/results/47b25e7a-32e8-4b54-9727-485f907fe285/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/77922c4a501aecfc8e78b5fcaa7c2ac1e97c70abc5f955407e7c72d918ce43f2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

xz a36700aad4b6e299a479de1f2c98a74b4de64d7da8d3b14ab7d59fe2bc6559f9

SnakeKeylogger

Executable exe 77922c4a501aecfc8e78b5fcaa7c2ac1e97c70abc5f955407e7c72d918ce43f2

(this sample)

  
Dropped by
MD5 82b473e66f22c02833dc275266c66479
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/118504/
  
Dropped by
SHA256 a36700aad4b6e299a479de1f2c98a74b4de64d7da8d3b14ab7d59fe2bc6559f9

Comments