MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8fe74471f7e76b21be7e677b97a65d66cecaf52ff0c343ab0a93b303ee464c0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	8fe74471f7e76b21be7e677b97a65d66cecaf52ff0c343ab0a93b303ee464c0e
SHA3-384 hash:	a11b3218cf0bfc188ee7422196880d9a556a1830be98249274b42a59f9129ba72ae385cf8b1bc92a3ec8d80eaaaabe03
SHA1 hash:	d75e191833bd36531468f4d7ba408a3c9504da3b
MD5 hash:	7896ce09d6bf3dcb6d233fcee51d306f
humanhash:	april-summer-angel-seventeen
File name:	23456780987654234.exe
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	574'397 bytes
First seen:	2021-10-12 08:25:59 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	b76363e9cb88bf9390860da8e50999d2 (464 x Formbook, 184 x AgentTesla, 122 x SnakeKeylogger)
ssdeep	12288:HZ8A8BB0blefqEbvfwCDka1SI+ddHLYCjuu/ekJevTLYTobT:58nYlefqEztDky+rHLiu/eH3bT
Threatray	633 similar samples on MalwareBazaar
TLSH	T1B4C4E0916260F662D9128976C1FDCE761F19183C9A69601273B0F31F70F07C3B56EAEA
File icon (PE):
dhash icon	92b692cab2a2c4d4 (1 x SnakeKeylogger)
Reporter	abuse_ch
Tags:	exe SnakeKeylogger

Intelligence

File Origin

# of uploads :

# of downloads :

134

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

23456780987654234.exe

Verdict:

Malicious activity

Analysis date:

2021-10-12 08:34:24 UTC

Tags:

evasion trojan snakekeylogger keylogger

Link:

https://app.any.run/tasks/e3fb5868-8e55-43a2-bee2-0e236ce8c169

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/196806/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% directory

Creating a file

Unauthorized injection to a recently created process

Launching a service

Creating a window

DNS request

Connection attempt

Sending an HTTP GET request

Sending a custom TCP request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

75%

Tags:

overlay packed

Link:

https://www.filescan.io/uploads/616546a69fb4d8593d6244ce/reports/0d24745f-0054-4d04-94c1-5a8025979e71/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Snake Keylogger

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/a8ee7001-2206-4a1e-a050-fffb6afd3fbb

Result

Threat name:

Snake Keylogger

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/868405

Signature

.NET source code references suspicious native API functions

Contains functionality to capture screen (.Net source)

Detected unpacking (changes PE section rights)

Detected unpacking (creates a PE file in dynamic memory)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

May check the online IP address of the machine

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file access)

Yara detected Snake Keylogger

Yara detected Telegram RAT

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8fe74471f7e76b21be7e677b97a65d66cecaf52ff0c343ab0a93b303ee464c0e/

Threat name:

Win32.Trojan.Nsisx

Status:

Malicious

First seen:

2021-10-12 02:47:43 UTC

AV detection:

8 of 45 (17.78%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=r7tui4px45vsdpt6m55zpjs5m3hmv5jp6dbuhkyksozqh3sgjqha._file

Verdict:

malicious

SnakeKeylogger

585d722fb9096865f5a52e69f9422d3d1e7bf5655f143fee9730468f6b5c6883

SnakeKeylogger

61d71ab4e23eba8055de07d4283a6e2f70e00fbb3c4fdeaf8ae8258fafe340f7

SnakeKeylogger

73db8576ad079efbe1376a00f6d027d0e9aeb173f594ee7161dbd5c62f9f215d

SnakeKeylogger

8354233118186bbd3cb2c83862d11174e89e795b5e041837461e908a7dccc5a9

SnakeKeylogger

a404718bcedb5af3ba359ec90d90dfda908f82f4335ff628abf08bc25cdae1cb

SnakeKeylogger

a6ab3a1ec39d3a4c0660bbfdbe8cbbdd89d9278cca176d7bff77d7aab00dd7ed

SnakeKeylogger

cb20d90585c02baaa6a4a383b6d9422dd337a0440833e498116407298058962d

SnakeKeylogger

d2ec2611b322552856d3f202484914625b49f0dc3326d8ea3acdb3a57e65b1ef

SnakeKeylogger

eab57bcf0018095e0008fa816f57a1a95bf498f2436cedffa28acea6299220b9

SnakeKeylogger

+ 623 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

collection spyware stealer

Link:

https://tria.ge/reports/211012-kbzaxabhd3/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Enumerates physical storage devices

Suspicious use of SetThreadContext

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

8fe74471f7e76b21be7e677b97a65d66cecaf52ff0c343ab0a93b303ee464c0e

MD5 hash:

7896ce09d6bf3dcb6d233fcee51d306f

SHA1 hash:

d75e191833bd36531468f4d7ba408a3c9504da3b

Link:

https://www.unpac.me/results/15551eb0-78fd-4c2b-b4da-9496eb3919f3/

Malware family:

Phoenix

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/8fe74471f7e7/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8fe74471f7e76b21be7e677b97a65d66cecaf52ff0c343ab0a93b303ee464c0e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/196806/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample