MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 957843b7c2f4d8b60c0a3acf931431c99c5a9132942dde4433eb590d222cfe21. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 4



SHA256 hash: 957843b7c2f4d8b60c0a3acf931431c99c5a9132942dde4433eb590d222cfe21
SHA3-384 hash: fc1ea466b0527f88c15b427da90391c153ea9d4998677f50db16d5e17f0d57da39b23d3192e9a6fe7f671fb274233c09
SHA1 hash: 2c11b5422e1089f331651bce0e91a5ec859c2fe6
MD5 hash: 2dbf683f40910fdffe5c3b71a02f3030
humanhash: failed-mirror-fish-high
File name: SOA-MARCH2021.rar
Signature: SnakeKeylogger
File size: 516'111 bytes
First seen: 2021-04-19 06:43:39 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep 12288:88gEG5BZBZsd7KNKOGn4Hw1zE3pNJxySAKy8GCUl4qpv+PRk7r0XVj+i+:88OTByd7Ksf4QiZXV3yaUlwm7YXM
TLSH 0DB4230B7DEAA6706B0B010B1F28A51325C620DF7EA584CD6FAE0552D17CDD3A2B197F
Reporter: cocaman
Tags: rar


cocaman
Malicious email (T1566.001)
From: "Edith WANG <edith.wang@bureauveritas.com>" (likely spoofed)
Received: "from bureauveritas.com (unknown [185.222.58.156]) "
Date: "18 Apr 2021 16:00:52 -0700"
Subject: "SOA -MARCH 2021"
Attachment: "SOA-MARCH2021.rar"

Intelligence


File Origin
# of uploads: 1
# of downloads: 92
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Result
Malware family: snakekeylogger
Score: 10/10
Tags: family:snakekeylogger keylogger spyware stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger Payload
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

rar 957843b7c2f4d8b60c0a3acf931431c99c5a9132942dde4433eb590d222cfe21

(this sample)

Delivery method: Distributed via e-mail attachment
