MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92c7a55d2ba606da51555135c33d2d923202ea2e2da59663f934ce5e67a98948. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 6



SHA256 hash: 92c7a55d2ba606da51555135c33d2d923202ea2e2da59663f934ce5e67a98948
SHA3-384 hash: 8b1536695fe7838803b47848dd536aace70117c9abb8122de609383d1d3e283eb50f6d97edda7b94b49fc1e1261883d1
SHA1 hash: 2279e0f023a71b19d92c7641c4c11d2523871684
MD5 hash: 9a45554808997ef93b416bdf594c2c2b
humanhash: yankee-carolina-michigan-gee
File name: Halkbank,doc.r11
Signature: SnakeKeylogger
File size: 553'407 bytes
First seen: 2022-06-06 07:43:40 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:TNdIZca/M0jsMgLamEjWm0Fp2SIugKJ6gwuB18V/PPlLz24jLisYph:zIWasMgL/h2SbJDw/nlz2gLRYT
TLSH: T187C4239CE52107B17AA533A98119C5490353E2F00F6AC968068DFFDFF9DE261B6BE350
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
      38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter: cocaman
Tags: r11 rar SnakeKeylogger


cocaman
Malicious email (T1566.001)
From: "T. HALK BANKASI<EKSTRE@halkbank.com.tr>" (likely spoofed)
Received: "from halkbank.com.tr (unknown [45.137.22.135]) "
Date: "6 Jun 2022 00:22:29 +0200"
Subject: "T.HALK BANKASI A.S.Hesap Ekstresi"
Attachment: "Halkbank,doc.r11"

Intelligence


File Origin
# of uploads: 1
# of downloads: 274
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.SnakeKeylogger
Status: Malicious
First seen: 2022-06-05 22:43:09 UTC
File Type: Binary (Archive)
Extracted files: 10
AV detection: 18 of 41 (43.90%)
Threat level: 5/5
Result
Malware family: snakekeylogger
Score: 10/10
Tags: family:snakekeylogger collection keylogger spyware stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger Payload
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

rar 92c7a55d2ba606da51555135c33d2d923202ea2e2da59663f934ce5e67a98948 (this sample)

Delivery method: Distributed via e-mail attachment
