MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97c4048a24673f2d7bcdebc7f0d154891163f842e778ea0503e26c135450f528. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 97c4048a24673f2d7bcdebc7f0d154891163f842e778ea0503e26c135450f528
SHA3-384 hash: e339e47c692cddfc2d99a4655f01a10cb81d295531ec33915db370af72790965399b432ac788e2856f897a4a9968cc42
SHA1 hash: 42158ff1a4b4cc19b44cc9c9dfdf734dc751fb60
MD5 hash: c2414f8c1e8dfc09faa5494848c65c7f
humanhash: mirror-iowa-red-five
File name:DHL Shipping Documents PO1001910 .exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:742'912 bytes
First seen:2021-02-24 06:40:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:DxN/oWdFhlvvM3TSzeuzQn1vpXNbbHd4fXXcXO8G58Pyvl3C7jrXIH:XhWTSzezNbb94vMe8aklvX
Threatray 16 similar samples on MalwareBazaar
TLSH 0BF4AE2432885B5EF43EFB3A9605140FE3F97A47D719CA8B7D8941CF1C26E8487A5B12
Reporter abuse_ch
Tags:DHL exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
DHL Shipping Documents PO1001910 .exe
Verdict:
Malicious activity
Analysis date:
2021-02-24 06:43:54 UTC
Tags:
evasion trojan
Link:
https://app.any.run/tasks/b3262ea1-06eb-4246-a256-21c769f8c233

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Snake
Create hunting rule
Link:
https://www.capesandbox.com/analysis/118819/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/616175
Signature
.NET source code contains potential unpacker
.NET source code contains very large strings
Found malware configuration
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
May check the online IP address of the machine
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AntiVM_3
Yara detected Beds Obfuscator
Yara detected Snake Keylogger
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/97c4048a24673f2d7bcdebc7f0d154891163f842e778ea0503e26c135450f528/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-02-24 06:41:09 UTC
AV detection:
9 of 47 (19.15%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=s7cajcrem47s266n5pd7bukureiwh6cc454oubid4jwbgvcq6uua._file
Verdict:
unknown
Similar samples:
09590e393fa08d0c6f99e9f5df1235c700e53f48f0c0941ed1a4a5e4035a5624
SnakeKeylogger
6ba09bf0b6f9ed13f6600679a0c81cc79dc1461213798b606178f3815078aedd
SnakeKeylogger
6e027a958577efeae259befdc9aabf5656088885342e896673d005e748367743
SnakeKeylogger
98a53af9d196562466ac85faa2c1c4c62d4646f9c3e1040df4396e08adbe3a1f
SnakeKeylogger
ae1bb452d80ac991a91861b13755c4f5c13b006c714cddcc5e03ae7263092e01
SnakeKeylogger
b74b71499c1f837020761b5b707322c697d83b52ccb4c96b37575e193da0cf23
SnakeKeylogger
bc88c73fda9a2ef51f979d2368a1039a04a0ce8199dc46b9f992a9ffacf58d8c
SnakeKeylogger
c346d3a0a6b975f4d663c2640bd6bd8fe0f0028b31420b68b5a585fec69eafc9
SnakeKeylogger
cd92e28557e13a857a9166209afd4f5e64f477e25a4189904f54063b69847013
SnakeKeylogger
d0330a3b06b8e087a69c98583ab2f3858c82d09b3cbee3c8732e0d06b595ddef
SnakeKeylogger
+ 6 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger keylogger spyware stealer
Link:
https://tria.ge/reports/210224-t8yagshk26/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger Payload
Unpacked files
SH256 hash:
e624003658c4f8b349f567c82229fd15d1e63d3d20fe6f7b4388403038cd2a44
MD5 hash:
b6ce7c1d81b9271eab825ea63de154c3
SHA1 hash:
0e7b89555314f8908c1098b652c9bf50e5ecc27b
Link:
https://www.unpac.me/results/1efc8103-2ade-446d-be47-fb2bf12db501/
SH256 hash:
97c4048a24673f2d7bcdebc7f0d154891163f842e778ea0503e26c135450f528
MD5 hash:
c2414f8c1e8dfc09faa5494848c65c7f
SHA1 hash:
42158ff1a4b4cc19b44cc9c9dfdf734dc751fb60
Link:
https://www.unpac.me/results/1efc8103-2ade-446d-be47-fb2bf12db501/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

Executable exe 97c4048a24673f2d7bcdebc7f0d154891163f842e778ea0503e26c135450f528

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/118819/

Comments