MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8778993306dd228e1753718c882fed72f2d2492f9839d76c8b28f7d7191255a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8778993306dd228e1753718c882fed72f2d2492f9839d76c8b28f7d7191255a8
SHA3-384 hash: cf32c45dea92c186ba526c9db90d30dc035a73bc23e0f17e09adda107b63962bbe573d32dd504567e66a1eac4e8ddff2
SHA1 hash: 96f844505d6cab30f2c9248ce8c5386e23cc0b1b
MD5 hash: 07e779b5c25f41784fe2102225976808
humanhash: carpet-maine-helium-lake
File name:aralık ekstreniz.7z
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:446'524 bytes
First seen:2020-12-18 16:51:07 UTC
Last seen:Never
File type: 7z
MIME type:application/x-7z-compressed
ssdeep 12288:b5XAGrHdrE4R51BUcYwkvH3uX2jiiSz3fm3sQkb5:b5XAGrHL51BUHvHOmSzvmrkt
TLSH 2894233FBFE8176A9F80D39DB223E90D947C42698264E7A3932541FD64CCD18B99B214
Reporter abuse_ch
Tags:7z geo TUR


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: hosted-by.rootlayer.net
Sending IP: 185.222.58.152
From: ekstre@eekstre.qnbfinansbank.com
Subject: CardFinans KOBİ Visa Aralık ayi ekstreniz.
Attachment: aralık ekstreniz.7z (contains "aralık ekstreniz.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
274
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BScope.Trojan-Dropper.Injector.23203.UNOFFICIAL
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8778993306dd228e1753718c882fed72f2d2492f9839d76c8b28f7d7191255a8/
Threat name:
Win32.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2020-12-18 11:47:28 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=q54jsmyg3uri4f2toggiql7nolznesjpta45o3elfd35ogiskwua._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8778993306dd228e1753718c882fed72f2d2492f9839d76c8b28f7d7191255a8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

7z 8778993306dd228e1753718c882fed72f2d2492f9839d76c8b28f7d7191255a8

(this sample)

SnakeKeylogger

Executable exe d6a2dd4ed732f43100bcf66aa1bbef9442c4ed975d943ee81c99c3fa4932d91c

  
Dropping
MD5 dc7a345584ec575cb64973d29ac5e784
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d6a2dd4ed732f43100bcf66aa1bbef9442c4ed975d943ee81c99c3fa4932d91c

Comments