MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8831cf97bba8548b8914a69feeb14685dacaef76383b09eeaeb42be9144f59d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 15


Intelligence 15 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8831cf97bba8548b8914a69feeb14685dacaef76383b09eeaeb42be9144f59d0
SHA3-384 hash: a73a94dd9c9a5cccd104d119af631d72534b5caf1d2260619130367b60b338dc55652c610897a466267518b178df102a
SHA1 hash: d02ab7b073f8ca561c663350ac774199e704d303
MD5 hash: a05414cc8fbd138a0fbb3953802e6c26
humanhash: crazy-east-july-artist
File name:Mandiri Cash Management.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:1'290'752 bytes
First seen:2022-09-21 07:35:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:ncIkw9Ww36BT7kPgNOaDTeBy2bUFtmGDd+NvhMdasXvrbyRheK3azrtn:bkw9rqBHzXeCvmzhhUvrbyuK3avtn
Threatray 4'231 similar samples on MalwareBazaar
TLSH T1F0556C51B2A5CD47E56B07F19CE6E43012B26E4DD464C20E1ED97E9B72B338260CAF1B
TrID 72.5% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.4% (.EXE) Win64 Executable (generic) (10523/12/4)
6.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.4% (.EXE) Win32 Executable (generic) (4505/5/1)
2.0% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon eeacac8cb6e2ba86 (561 x SnakeKeylogger, 142 x AgentTesla, 40 x Formbook)
Reporter abuse_ch
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
273
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Mandiri Cash Management.exe
Verdict:
Malicious activity
Analysis date:
2022-09-21 07:41:54 UTC
Tags:
evasion trojan snake
Link:
https://app.any.run/tasks/a9ece15f-6e91-45a4-8b2e-a13af0a18444

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/311988/
Detection(s):
SecuriteInfo.com.Win32.PWSX-gen.6660.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-vm packed
Link:
https://www.filescan.io/uploads/632abf2ee64c53f047fa33d6/reports/919907d5-e141-45ed-a797-2a9fe01fd3c0/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Snake Keylogger
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ad6839a7-903c-480b-8878-0c3c3f32a515
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1074446
Signature
.NET source code references suspicious native API functions
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Yara detected AntiVM3
Yara detected Generic Downloader
Yara detected Snake Keylogger
Yara detected Telegram RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8831cf97bba8548b8914a69feeb14685dacaef76383b09eeaeb42be9144f59d0/
Threat name:
ByteCode-MSIL.Trojan.Leonem
Create hunting rule
Status:
Malicious
First seen:
2022-09-21 07:18:30 UTC
File Type:
PE (.Net Exe)
Extracted files:
46
AV detection:
21 of 25 (84.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ray47f53vbkixciuu2p65mkgqxnmv33wha5qt3vowqv6sfcplhia._file
Verdict:
malicious
Similar samples:
075d1ac0887f0028c537e2b45c1d1686d26e18464792ca65b374a4ac82261d93
SnakeKeylogger
158eb8ce0ff9c64f21622db564612ad494dd26f85ffca36664dd10f8d5aac2c5
SnakeKeylogger
48712214c8917adabb23b1d7f215db81e7431d4143ae9c3f773ec43c1e8f2aba
SnakeKeylogger
6fccc54b1735e68508ccfdad83f18a26226257c153b714d8cff7d0cffe905423
SnakeKeylogger
accc171460a87b3ec4934c65261884592cc54ee58433665590663604b045f39f
SnakeKeylogger
e081465f75b5fc1a981ad522ad595642d28c19df648d26c2694f6d09d8035872
SnakeKeylogger
f99578c5197a92ba74cdeb977f96e4338fd6fadf547ddd1a3dcbaccd85d91236
SnakeKeylogger
fd3ad1ad1650875cef812f9574d44d0c2542eb6cc7fe8006d27234ac18ac2c48
SnakeKeylogger
+ 4'221 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger collection keylogger spyware stealer
Link:
https://tria.ge/reports/220921-je84vaffh2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger payload
Malware Config
C2 Extraction:
https://api.telegram.org/bot5478319803:AAHq9LkDUFBRvjOub4YfRlPURZxM59_BVnc/sendMessage?chat_id=5516439768
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/fc6070de-a196-49d1-a745-e03079ac7420
Unpacked files
SH256 hash:
cfd60d5d16dc259fabe69a1971e20094e91cfc1c34a4a7bbde395cacd7ff79fd
MD5 hash:
ae50ab0e06f3ef234eef05b0cd4ad99c
SHA1 hash:
f4acddcf5842e4e0394326b4577bb04b489d545a
Link:
https://www.unpac.me/results/5ab9cbb8-2f72-40e5-996c-24148be59a28/
SH256 hash:
49bdf1ed18d453e600a6c7301f1b061f10287420791b8b9feb0369e9dda02f6e
MD5 hash:
3ffbc0acbbb9980bff34a8d6ab1218a6
SHA1 hash:
dbe6a122a17fb0dd8a2953c1e41d12f04520bfd5
Link:
https://www.unpac.me/results/5ab9cbb8-2f72-40e5-996c-24148be59a28/
SH256 hash:
d47ec49b14e39dab72a9faaf50abb27dedfd98ccdf401d0a6294a50ece8d5699
MD5 hash:
6460c7a2ce3d574a77a442bf1068f8c1
SHA1 hash:
be25bbcb73899b20d72f38c1d1d3d74d127d61ea
Detections:
snake_keylogger
Create hunting rule
Link:
https://www.unpac.me/results/5ab9cbb8-2f72-40e5-996c-24148be59a28/
Parent samples :
d66f2a872f2e014d7c5365d3b5ad690f8b09497de1acf3ecb7fe6a940c5bd825
8831cf97bba8548b8914a69feeb14685dacaef76383b09eeaeb42be9144f59d0
aa42f20183026e8912e487dc655d4459e8e37e3743cdc7753dc60fa712d8117f
305de8ad8b1095b070b027dbbfc600b2ba15900daddfc3ac2a90d2c774eff943
8c1a2bd2037b1cee06fb12bd64c04ea42a72808c9ad0cad33457e54d90a3466d
9add302f93d6b4b2484c5208567406f806d0490cea06857bb6eaa3846324fe71
af9261c21a9b9a00e12aa2b1bfd4777c7c6abb2b837cf9278d105f522f4a566d
c48b8f82638c46dbc8aa4a738cb29a8e392b6c4f5c7a04ad31f20d567dae119d
c5d36c9e7ca9f63a9e9ac2ca6970c7005125990ae6d2b16afa984dd73b181a07
76bb452ff2245c99b1fbbd56e9e5b3058322ab10bf2dc814b030fb8c6b5a1ccc
SH256 hash:
16a2654b75362e17d90461a8223126179724b233f706567e90a306d60dc32ce1
MD5 hash:
3ca56d1bbf5c0a219ab37885ab873ec4
SHA1 hash:
8e007ca9069fd29ef733fb15dccb250773b5f27f
Link:
https://www.unpac.me/results/5ab9cbb8-2f72-40e5-996c-24148be59a28/
SH256 hash:
e20ec8f3c957bcb6a194ef688bae8af2015cfffb20e7baf8b2114d7b70ade4ee
MD5 hash:
35cb29046968faca7f3f3b4463449b6c
SHA1 hash:
088c8c30ec1bece0a4b5bbfe3982b073f8b95598
Link:
https://www.unpac.me/results/5ab9cbb8-2f72-40e5-996c-24148be59a28/
SH256 hash:
8831cf97bba8548b8914a69feeb14685dacaef76383b09eeaeb42be9144f59d0
MD5 hash:
a05414cc8fbd138a0fbb3953802e6c26
SHA1 hash:
d02ab7b073f8ca561c663350ac774199e704d303
Link:
https://www.unpac.me/results/5ab9cbb8-2f72-40e5-996c-24148be59a28/
Malware family:
SnakeKeylogger
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/8831cf97bba8/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/8831cf97bba8548b8914a69feeb14685dacaef76383b09eeaeb42be9144f59d0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/311988/

Comments