MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92bbc1a1a4c09700520bfeaa23a235d1e5a27fb29326e456e26998a38cfbda22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 4



SHA256 hash: 92bbc1a1a4c09700520bfeaa23a235d1e5a27fb29326e456e26998a38cfbda22
SHA3-384 hash: e83a44c0efe201b5e765d740617a2f25ee58b8eecc8e537746bdeb45fa14a237a834e50e1c632e4dea7ce9d5910b735b
SHA1 hash: d06d59480610c5057c1d4df0eea551af00709c1b
MD5 hash: ebe9f5e4ed7905a94b8a6e950c728e7c
humanhash: robert-item-mississippi-enemy
File name: PO2102003.CAB
Signature: SnakeKeylogger
File size: 581'335 bytes
First seen: 2021-02-25 10:20:14 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:r8S7hXKH3kCEkkQILg8W8CpXHov4hVHbV7oxBPEcyHNi8KJfS:r84YAQIuzp7+xxlyH7KJ6
TLSH: A9C42359DD58AFB5CF18FD6839F722627FE74E40A3D1E5234850882E333E40A57A60E9
Reporter: abuse_ch
Tags: cab DEU geo SnakeKeylogger


abuse_ch
Malspam distributing SnakeKeylogger:

HELO: cloudhost-831129.us-midwest-1.nxcli.net
Sending IP: 8.29.154.38
From: STALMED, S.L. <info5@stalmed.es>
Subject: Neue Auftragsbestätigung Bestellnummer 2102003
Attachment: PO2102003.CAB (contains "PO#2102003.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 115
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-02-25 10:21:08 UTC
AV detection: 10 of 46 (21.74%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

rar 92bbc1a1a4c09700520bfeaa23a235d1e5a27fb29326e456e26998a38cfbda22 (this sample)

Dropping: SnakeKeylogger
Delivery method: Distributed via e-mail attachment
