MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94610f2fb772a18b06b4b3533a485924d7488800b84e18cfb8d017944a5c5fa2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 94610f2fb772a18b06b4b3533a485924d7488800b84e18cfb8d017944a5c5fa2
SHA3-384 hash: fdf8b3690e96108fa7e702c18765491ec9ef7d52028be40ebd2a50cef66abda2d02ce9980407cdac2a1475485974b725
SHA1 hash: d4753a212ce4725d7112f8285e20350d93cc1596
MD5 hash: 92af34c08d00bc9e133b98161f557b8c
humanhash: edward-high-early-ack
File name:Proforma Invoice.img.gz
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:317'228 bytes
First seen:2022-01-20 13:39:53 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:QBHitA6+v+w+qXf2iM14CLAIyoS6lqNcxIcwdHDUIo+hA/6yy2g:QBiA9SM+iMczJrNcxIcwpFoEASyy2g
TLSH T1E06423DF8023D5BB34E54BBBAE3218DF84EC18DE62914E54380CEA56AF942C76633715
Reporter cocaman
Tags:gz INVOICE SnakeKeylogger


Avatar
cocaman
Malicious email (T1566.001)
From: ""Sara LIANG" <beenjau@ms38.hinet.net>" (likely spoofed)
Received: "from postfix-inbound-v2-3.inbound.mailchannels.net (inbound-egress-5.mailchannels.net [199.10.31.237]) "
Date: "20 Jan 2022 11:54:12 +0100"
Subject: "Re: Payment Request"
Attachment: "Proforma Invoice.img.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
122
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.1165.12106.16601.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
obfuscated overlay packed print.exe update.exe
Link:
https://www.filescan.io/uploads/61e96637d32385db630f0b1f/reports/170948e4-eb0d-49be-b68c-94a4c98c30c4/overview
Result
Verdict:
UNKNOWN
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/94610f2fb772a18b06b4b3533a485924d7488800b84e18cfb8d017944a5c5fa2/
Threat name:
ByteCode-MSIL.Trojan.SnakeKeylogger
Create hunting rule
Status:
Malicious
First seen:
2022-01-20 13:40:13 UTC
File Type:
Binary (Archive)
Extracted files:
22
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=srqq6l5xokqywbvuwnjtusczetlurcaaxbhbrt5y2alziss4l6ra._file
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger collection keylogger spyware stealer
Link:
https://tria.ge/reports/220120-qykc6aabgq/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger Payload
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/94610f2fb772a18b06b4b3533a485924d7488800b84e18cfb8d017944a5c5fa2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

gz 94610f2fb772a18b06b4b3533a485924d7488800b84e18cfb8d017944a5c5fa2

(this sample)

SnakeKeylogger

Executable exe c2a7ebe98ead78ed4321228c7bec26a70224cfc471abb3f263d71347a2ec617c

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c2a7ebe98ead78ed4321228c7bec26a70224cfc471abb3f263d71347a2ec617c

Comments