MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91e8763b50b0155b4984134d95d36fb9d92bca3a5db8d37bb75ff8faf88dbc63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	91e8763b50b0155b4984134d95d36fb9d92bca3a5db8d37bb75ff8faf88dbc63
SHA3-384 hash:	e2782c63ab89cdb99f80e09dfb6b2515c2383c30da7589e7ee659757f67690694402173ce936e570d5475d5d9fe68fd7
SHA1 hash:	ed3d38f62d4f97e70e9a4bea32826dcb14c2a87c
MD5 hash:	bcdefb2463aa0840c35c5ee935fabc45
humanhash:	nevada-alaska-freddie-equal
File name:	MACHINE SPECIFICATION.exe
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	415'772 bytes
First seen:	2021-08-24 05:46:19 UTC
Last seen:	2021-08-24 07:24:34 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	76cb49957629b5fe0d40d13588a8762e (4 x Loki, 3 x Formbook, 2 x NanoCore)
ssdeep	6144:2+MsCS1/AjgOqMVeAXGiJN7zuSWRF7Jnb8hT6UoMrEWnYq+civhuvG9:VSShAHqqG+/uSKFdghTb1lh3ivhuvu
Threatray	1'410 similar samples on MalwareBazaar
TLSH	T1E194AF1EB73585E7E811CE7626658C3E5F706C35ED1A041E3442BE9A2FB230D2D52E3A
dhash icon	fcc69292aa8c9ec0 (7 x AgentTesla, 3 x SnakeKeylogger, 1 x AveMariaRAT)
Reporter	lowmal3
Tags:	exe SnakeKeylogger

Intelligence

File Origin

# of uploads :

# of downloads :

116

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

MACHINE SPECIFICATION.exe

Verdict:

Malicious activity

Analysis date:

2021-08-24 05:46:42 UTC

Tags:

evasion trojan snakekeylogger keylogger

Link:

https://app.any.run/tasks/bdd3671e-52db-4336-92a3-c6cc08011e25

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/181715/

Detection(s):

Win.Malware.Generic-9888233-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Launching a process

DNS request

Connection attempt

Sending an HTTP GET request

Sending a custom TCP request

Reading critical registry keys

Creating a window

Sending a UDP request

Unauthorized injection to a system process

Forced shutdown of a browser

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/50cb361b-be94-4cfa-b986-734ff452f2dc

Result

Threat name:

Snake Keylogger

Detection:

malicious

Classification:

spre.troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/837967

Signature

.NET source code references suspicious native API functions

Antivirus / Scanner detection for submitted sample

Found malware configuration

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Maps a DLL or memory area into another process

May check the online IP address of the machine

Multi AV Scanner detection for submitted file

Sigma detected: MSBuild connects to smtp port

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file access)

Writes to foreign memory regions

Yara detected Snake Keylogger

Yara detected Telegram RAT

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/91e8763b50b0155b4984134d95d36fb9d92bca3a5db8d37bb75ff8faf88dbc63/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2021-08-24 05:47:05 UTC

AV detection:

16 of 42 (38.10%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=shuhmo2qwakvwsmecngzlu3pxhmsxsr2lw4ng65xl74pv6enxrrq._file

Verdict:

malicious

SnakeKeylogger

252225cfd4ec7a7b61e5138d1587a4a212909f596004b8a157fe9f0ed4c6496b

SnakeKeylogger

726e779529f34143e4d094f0252f3c6e04547d062970d26c0cb553c57c98b1ed

SnakeKeylogger

9ff44ba44707bbdda0a858a2d0c11725b146fb4671ed91295ce2e0a3ac8b175c

SnakeKeylogger

cd0d3ddd3ad4bc8aa191541aa35c6851edaacb6ec410252991f6c50fc4dc1a1b

SnakeKeylogger

d57a5e8835ba746d89d2c4ecc9f904793b485c6affc1b9901486c84eb88f4e1e

SnakeKeylogger

d8496d072e29b2cfdeda1988750626b8ab6a1c587c3d91396cdad272d9217546

SnakeKeylogger

+ 1'400 additional samples on MalwareBazaar

Result

Malware family:

snakekeylogger

Score:

10/10

Tags:

family:snakekeylogger keylogger stealer

Link:

https://tria.ge/reports/210824-ykmm4zmq3n/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Looks up external IP address via web service

Snake Keylogger

Unpacked files

SH256 hash:

91e8763b50b0155b4984134d95d36fb9d92bca3a5db8d37bb75ff8faf88dbc63

MD5 hash:

bcdefb2463aa0840c35c5ee935fabc45

SHA1 hash:

ed3d38f62d4f97e70e9a4bea32826dcb14c2a87c

Link:

https://www.unpac.me/results/e72f92db-9823-451b-a827-476fee275ccd/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/91e8763b50b0/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.13

Link:

https://yomi.yoroi.company/submissions/91e8763b50b0155b4984134d95d36fb9d92bca3a5db8d37bb75ff8faf88dbc63

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

exe 91e8763b50b0155b4984134d95d36fb9d92bca3a5db8d37bb75ff8faf88dbc63

(this sample)

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/181715/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample