MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77d20e04d420adbb732bdd2d365afa1ce9b85585c443c894039bc972d88a9353. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 4



SHA256 hash: 77d20e04d420adbb732bdd2d365afa1ce9b85585c443c894039bc972d88a9353
SHA3-384 hash: b83a5fdf90aaaea3981b2d138db1b788c8f9862e75f69f49cf178e0eabe2c3cb2a20b9377b8bb7a125941a5afcb339fb
SHA1 hash: b9f420d4c8c85e56876891f8521e4dab38ae0a15
MD5 hash: 3c79639ff8699d1ec0154d6d6eac37db
humanhash: fourteen-carpet-harry-pluto
File name: McDERMOTT STANDARD TERMS AND CONDITIONSInclusive of Appendix Kakinada - R0186232.img
Signature: SnakeKeylogger
File size: 1'310'720 bytes
First seen: 2021-02-17 13:34:24 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:OpoAjC84Mab0k/05qD4xgca8ndRg9SRmINmnxjA:MC9MY4xXa8dQSWZA
TLSH: 1455BDAA3384DA51DC2877BD81A1C7F002A7F91E6336C18F6889399B3D13EC54755BCA
Reporter: abuse_ch
Tags: img SnakeKeylogger


abuse_ch
Malspam distributing SnakeKeylogger:

HELO: fi.fiercegauge.live
Sending IP: 45.95.168.180
From: Venkata Krishna <vkoripella@mcdermott.com>
Subject: RFQ for supply of Swagelok fittings for CFM Tooling integration of KGD6 Project, Kakinada - R0186232
Attachment: McDERMOTT STANDARD TERMS AND CONDITIONSInclusive of Appendix Kakinada - R0186232.img (contains "McDERMOTT STANDARD TERMS AND CONDITIONS(Inclusive of Appendix Kakinada - R0186232.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 99
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2021-02-17 13:35:08 UTC
AV detection: 8 of 46 (17.39%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

img 77d20e04d420adbb732bdd2d365afa1ce9b85585c443c894039bc972d88a9353 (this sample)

Dropping: SnakeKeylogger
Delivery method: Distributed via e-mail attachment

Comments