MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e88b42b5ddf91c441cdaecfb073a44b2aeae94f744df4d535250a1be07ec79d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 14

Intelligence 14 IOCs YARA File information Comments

SHA256 hash:	7e88b42b5ddf91c441cdaecfb073a44b2aeae94f744df4d535250a1be07ec79d
SHA3-384 hash:	e71c0dc02d5fb06d454b79e3dd14b29757676ef8d6eb457521829d881cab720885ed853b0608fbbe9aa3cb9a59916439
SHA1 hash:	a6c8cf5366e5715cb6ea2cf7f566be7d94737655
MD5 hash:	848a8ad712afb3844ae1f698c98b29c4
humanhash:	sad-september-low-sierra
File name:	Quotation_DEC-2022.exe
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	396'288 bytes
First seen:	2022-12-14 13:17:39 UTC
Last seen:	2022-12-14 14:33:52 UTC
File type:	exe
MIME type:	application/x-dosexec
ssdeep	12288:7ES06LJHQjf1HMCvbiBrERfUv4FPKXQhu+Kx:O6LJIfeCv+Mxnu9x
Threatray	823 similar samples on MalwareBazaar
TLSH	T1F884D0CDE6DD1FC0D56128B405EF115AB1ABDCFF0A5B006FE6A389ADE24E1524280FE5
TrID	56.5% (.EXE) Win64 Executable (generic) (10523/12/4) 11.0% (.ICL) Windows Icons Library (generic) (2059/9) 10.9% (.EXE) OS/2 Executable (generic) (2029/13) 10.7% (.EXE) Generic Win/DOS Executable (2002/3) 10.7% (.EXE) DOS Executable Generic (2000/1)
Reporter	Anonymous
Tags:	exe SnakeKeylogger

Intelligence

File Origin

# of uploads :

# of downloads :

178

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

Quotation_DEC-2022.exe

Verdict:

Malicious activity

Analysis date:

2022-12-14 13:20:36 UTC

Tags:

evasion trojan

Link:

https://app.any.run/tasks/11321e06-01fd-4b61-9473-60a5d38e8b5f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Snake

Link:

https://www.capesandbox.com/analysis/346250/

Detection(s):

SecuriteInfo.com.Trojan.PackedNET.1734.28260.19482.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Launching a process

Creating a file

DNS request

Сreating synchronization primitives

Sending an HTTP GET request

Reading critical registry keys

Creating a window

Unauthorized injection to a system process

Forced shutdown of a browser

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/6399cd0c04e0e79bdf42f7a0/reports/93f0740a-4919-441d-a98c-d886cd8ea284/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Snake Keylogger

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/aa09fe25-bc15-4d8f-bc58-39fdc95db1fd

Result

Threat name:

Snake Keylogger

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1134237

Signature

.NET source code references suspicious native API functions

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

May check the online IP address of the machine

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Yara detected Generic Downloader

Yara detected Snake Keylogger

Yara detected Telegram RAT

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7e88b42b5ddf91c441cdaecfb073a44b2aeae94f744df4d535250a1be07ec79d/

Threat name:

ByteCode-MSIL.Trojan.Injuke

Status:

Malicious

First seen:

2022-12-14 00:11:51 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

AV detection:

14 of 26 (53.85%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=p2elik2536i4iqonv3h3a45ejmvov2kporg7jvjveufbxyd6y6oq._file

Verdict:

malicious

SnakeKeylogger

3a26dd85c2956529f42c1622a093f7b817cbd4af7a474d75198df9e455ac753f

SnakeKeylogger

6a59650061032c3f583068664de3977430a5f1b70f7d09104d4f6d5437196c90

SnakeKeylogger

7b844afd2cc7cc0b0f9b1f3629a1795ff99901cc1fed5e2c5163f1e6bd19d83c

SnakeKeylogger

a99c69752668a94268cdb482df74649d755fcf56ecd9f431b1cb03b816a593cc

SnakeKeylogger

a9cf955162a9164b63c70530a2ed72b02ab53f7b39a3a9ece842cd2bebfb117c

SnakeKeylogger

ae9af66e82d414e7907d03e37ae9f4120498b15d1c3c7800507795d2ae21dae9

SnakeKeylogger

d5f4b34691f83d4e43fca884fd61b14af4893be3843ec3d41ed1c38539b28f6d

SnakeKeylogger

e82920cb9b7cf1077cdddabb9b56e84c70653f836ef85ea4d4a700501ccd12a3

SnakeKeylogger

f1cd87c944d9650c89a51bde24774850f087f6fdb6da5eba6cd360d79b98fc5c

SnakeKeylogger

+ 813 additional samples on MalwareBazaar

Result

Malware family:

snakekeylogger

Score:

10/10

Tags:

family:snakekeylogger collection keylogger stealer

Link:

https://tria.ge/reports/221214-qjx1psaa73/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Suspicious use of SetThreadContext

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Snake Keylogger

Snake Keylogger payload

Malware Config

C2 Extraction:

https://api.telegram.org/bot5971576384:AAF517SR8P0q91HBaBMVtLG-dJ7zvOsqfiM/sendMessage?chat_id=5816593523

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/94f74fa2-df1e-45c5-aaae-46abda3d306c

Unpacked files

SH256 hash:

7e88b42b5ddf91c441cdaecfb073a44b2aeae94f744df4d535250a1be07ec79d

MD5 hash:

848a8ad712afb3844ae1f698c98b29c4

SHA1 hash:

a6c8cf5366e5715cb6ea2cf7f566be7d94737655

Link:

https://www.unpac.me/results/7d9b8a10-ac82-4048-97e3-a75e39c4b4e9/

Malware family:

SnakeKeylogger

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/7e88b42b5ddf/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.35

Link:

https://yomi.yoroi.company/submissions/7e88b42b5ddf91c441cdaecfb073a44b2aeae94f744df4d535250a1be07ec79d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

exe 7e88b42b5ddf91c441cdaecfb073a44b2aeae94f744df4d535250a1be07ec79d

(this sample)

Dropped by

snakekeylogger

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/346250/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample