MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 790e6c6090ced9b5d85aa7084fcbdae3f2137147722162e56877834d50b38816. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 6



SHA256 hash: 790e6c6090ced9b5d85aa7084fcbdae3f2137147722162e56877834d50b38816
SHA3-384 hash: fd8ac6e9fa5647abd213851d6e28448a969226c0c5cf1929d2e7f3c9088648029c8d9a5a4e7ae0989ba1f4a7fc1b1385
SHA1 hash: 2d7c4214cbc8158a8fb4022985ed056b3a04eb47
MD5 hash: 9055d63155a4c650a5197fa6ba70b280
humanhash: floor-mockingbird-alaska-paris
File name: SecuriteInfo.com.Trojan.Loader.845.12621.21921
Signature: SnakeKeylogger
File size: 537'059 bytes
First seen: 2021-06-19 02:50:06 UTC
Last seen: 2021-06-19 14:26:52 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: b76363e9cb88bf9390860da8e50999d2 (464 x Formbook, 184 x AgentTesla, 122 x SnakeKeylogger)
ssdeep: 12288:y1nP8wGl5cDE+EXcYxPIyMq2XUBBM3ecT4CdswV:OP8wGsgtXcYx2q2XPciswV
Threatray: 1'267 similar samples on MalwareBazaar
TLSH: 1BB4234573E55433EC3B86335560E735EEBCA9006070A48B4720BF7D957AAC34E46BAB
Reporter: SecuriteInfoCom
Tags: exe SnakeKeylogger

Intelligence


File Origin
# of uploads: 4
# of downloads: 163
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: SecuriteInfo.com.Trojan.Loader.845.12621.21921
Verdict: Malicious activity
Analysis date: 2021-06-19 02:51:08 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Snake Keylogger
Detection: malicious
Classification: troj.evad
Score: 72 / 100
Signature
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Beds Obfuscator
Yara detected Snake Keylogger

Threat name: Win32.Backdoor.Androm
Status: Malicious
First seen: 2021-06-18 03:56:27 UTC
File Type: PE (Exe)
Extracted files: 3
AV detection: 26 of 46 (56.52%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Loads dropped DLL
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
