MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c852c93612eb6464c5e42d8a600e0b73d3e2e73ad56b223dd02fa9fbc5d1364. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 7


Intelligence 7 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8c852c93612eb6464c5e42d8a600e0b73d3e2e73ad56b223dd02fa9fbc5d1364
SHA3-384 hash: 5289788de6dd06644c10efaa6f5ec0eddf91ef796d8f29510d59ded96f6ecd69308c277165daeeefb22da0d6d5dca050
SHA1 hash: 922686230beb3a2f879f4e6e789d36a962e32991
MD5 hash: d96b7886c4e00e171709fd82c54ec891
humanhash: arkansas-lima-don-connecticut
File name:SecuriteInfo.com.Trojan0057be311.75.23245
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:225'592 bytes
First seen:2021-05-04 21:53:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'473 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 6144:67D4Qc8ETb/cjMiTqjRwQyxKp5c0jCKB:yD4Qlsb/cjMiTqdIxKp5c0m
Threatray 90 similar samples on MalwareBazaar
TLSH DF24F108AFE5D70FD9B14F789CE2C23877717F11A846F28B6853B24683793D45880EA6
Reporter SecuriteInfoCom
Tags:SnakeKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
124
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/149850/
Detection(s):
SecuriteInfo.com.Trojan0057be311.75.23245.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Using the Windows Management Instrumentation requests
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/710901
Signature
Creates an undocumented autostart registry key
Found malware configuration
Injects a PE file into a foreign processes
May check the online IP address of the machine
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Writes to foreign memory regions
Yara detected Beds Obfuscator
Yara detected Snake Keylogger
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8c852c93612eb6464c5e42d8a600e0b73d3e2e73ad56b223dd02fa9fbc5d1364/
Threat name:
ByteCode-MSIL.Backdoor.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2021-05-04 15:35:42 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rscsze3bf23emtc6ilmkmahaw46t4lttvvllei65al5j7pc5cnsa._file
Verdict:
unknown
Similar samples:
1860347130f68ba0d084750816ca0fc532b8647d89e36ff53c0355e73a46d332
SnakeKeylogger
40e8910e48e5bfde7fd30bbc51a1d371a378dc4a306ed2145990219554f80a4a
SnakeKeylogger
5e90997364ac5c40a3c374faa4a11c74e9d040e42c10a2dcab169818e1d717b5
SnakeKeylogger
60ef6cebb8be31d48b6d182a5df9597a74e0978c3bae05a43167775deba9199c
SnakeKeylogger
916bd03b40de6bfa498311e3a70d3e98c50e8255fd413d446daab77951224856
SnakeKeylogger
9f8e2f4d984a481f05c45de6fd4991d8f912166fe3ffa1d299a3719e2e7e82c1
SnakeKeylogger
b65eed317058df5ddd4247ec93ac2b555ae2c29b751ee455ceee3dd9b670ecad
SnakeKeylogger
d346665dc0a3c37256f313f6e9e41c254acf70c599d007f1391128c4b3771ce6
SnakeKeylogger
d5e1923de474408cc5f31650c36345027663f0411bef1e1ef4fa3a2d56bc5d42
SnakeKeylogger
df3dccb8f35520888aad04bdbcba5c3c6e74ff7eac793cb65f2cf45d9be8203d
SnakeKeylogger
+ 80 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger keylogger spyware stealer
Link:
https://tria.ge/reports/210504-kbcpqxs8rj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger Payload
Unpacked files
SH256 hash:
27dee579436cc1acc08182b3af20d2d118dd192abc6b1b822cc642680667e96d
MD5 hash:
068e7bdf93213382dda48cd15a15879b
SHA1 hash:
7d7a831bbbed15d573202801d1178316c85d3def
Link:
https://www.unpac.me/results/acc07605-1fa6-4a22-9bee-6d4143619ac2/
SH256 hash:
8599c6584374743bf1941e9caa5874f97cff80fb10c247786ec67f6506791e26
MD5 hash:
c082c5661d0b89d7b3401bb3a75027c9
SHA1 hash:
832494657de4cc2f83ad192a9bba10d9095f489c
Link:
https://www.unpac.me/results/acc07605-1fa6-4a22-9bee-6d4143619ac2/
SH256 hash:
c10e04f6a513b723e45b8479650cd74a40b82721d2274f29b1417944897476b9
MD5 hash:
45d41546a4f95acdca61a12d22e04df7
SHA1 hash:
96d1e875def56b88d747b6c1265476025a1e6ab9
Link:
https://www.unpac.me/results/acc07605-1fa6-4a22-9bee-6d4143619ac2/
SH256 hash:
8c852c93612eb6464c5e42d8a600e0b73d3e2e73ad56b223dd02fa9fbc5d1364
MD5 hash:
d96b7886c4e00e171709fd82c54ec891
SHA1 hash:
922686230beb3a2f879f4e6e789d36a962e32991
Link:
https://www.unpac.me/results/acc07605-1fa6-4a22-9bee-6d4143619ac2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8c852c93612eb6464c5e42d8a600e0b73d3e2e73ad56b223dd02fa9fbc5d1364

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:dsc
Create hunting rule
Author:Aaron DeVera
Description:Discord domains
Rule name:INDICATOR_KB_CERT_04f131322cc31d92c849fca351d2f141
Create hunting rule
Author:ditekSHen
Description:Detects executables signed with stolen, revoked or invalid certificates
Rule name:pe_imphash
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SnakeKeylogger

Executable exe 8c852c93612eb6464c5e42d8a600e0b73d3e2e73ad56b223dd02fa9fbc5d1364

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1193842/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/149850/

Comments