MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98aaea21babe6e4a949412f6a0ae39df3c9244c2a7a483ef305b00f77135e87a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 98aaea21babe6e4a949412f6a0ae39df3c9244c2a7a483ef305b00f77135e87a
SHA3-384 hash: d1498dbab16d15275ea79c7a105bb00ef7fdd784248860428ea5c246e36122d76a5e8b4c1b9e2895d1f652f71727ceec
SHA1 hash: 44dd6fa2a1a3e2520be5dd7f54f6123451df9f0d
MD5 hash: 0d2a5cbd3ca5c57c435c3be06449f85d
humanhash: tango-aspen-five-florida
File name:Invoice copy payment no567321____________pdf.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:1'153'536 bytes
First seen:2021-03-16 14:59:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:iLUUnKq5oKia5GBQLn8aPbdmWLrlLHKRQ/LeQbQyrTqB/aWSeMzSHlR1:iboKfc/aPbdmMBqRQzkyrTq5D4elD
Threatray 15 similar samples on MalwareBazaar
TLSH C4359C22E694AB70F03973354472133143FDAD0A9665E7BD7D8871DA08B5AC086F7EB2
Reporter madjack_red
Tags:SnakeKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
127
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Invoice copy payment no567321____________pdf.exe
Verdict:
Malicious activity
Analysis date:
2021-03-16 15:30:06 UTC
Tags:
evasion trojan
Link:
https://app.any.run/tasks/4f1e58a8-0ebb-475d-b570-c473a6d506c1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.580.6911.28996.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e4360414-ad61-4630-b710-9bc288385ac0
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/640875
Signature
.NET source code contains potential unpacker
Found malware configuration
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
May check the online IP address of the machine
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected AntiVM3
Yara detected Beds Obfuscator
Yara detected Snake Keylogger
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/98aaea21babe6e4a949412f6a0ae39df3c9244c2a7a483ef305b00f77135e87a/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-03-16 09:22:41 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tcvouin2xzxevfeucl3kblrz346jergcu6sih3zqlmapo4jv5b5a._file
Verdict:
unknown
Similar samples:
02cd534cf863894a7f2fc488ba077a5e95d31bdddea93de4019c7a9159ac1375
SnakeKeylogger
1857e9e122dd752766c9092043606a957e4e9d56d3ea043b63053054285c1cb4
SnakeKeylogger
65b6cc575eac7e69ccec2d892f7abd25965a301c4b02a7d82a977918edf3b16c
SnakeKeylogger
703170d16b28086934737a474038f62654f595f1f5b30b0115806187022d1df6
SnakeKeylogger
82ce655e59a38e2b2cfd54a152c963b6854cdc0e1e2bd9d83c32f3c989268ed5
SnakeKeylogger
9afbedb7d1a76e7bd59441e83ec3124af0e16244870e61743cd590a64513c0c1
SnakeKeylogger
aa9692c1769e25297176b847f4274570c56c4d74f4577608bd036e72d82d5bdb
SnakeKeylogger
b5f0e20f9980ba833f56a6bbe1e0e3deea46e566c0eab83a473c4705e2b295d6
SnakeKeylogger
c9b11315a65d68d5577ca5b762e4d5d16f660b1ffde12cd5192c9717747a63ca
SnakeKeylogger
ffec3662128511dd4bf4f888f811db98d6e5ae7764b6acf3cc445bc7f943698e
SnakeKeylogger
+ 5 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger keylogger spyware stealer
Link:
https://tria.ge/reports/210316-kyxwl13cxn/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger Payload
Unpacked files
SH256 hash:
2b43013edb5706a946f4e523a1a219b31fe2a7e05c48884c048882b3c1327655
MD5 hash:
b7159eb14fe565d4e233604b629bbd8a
SHA1 hash:
64f82c67e6c7cbc078141162a49bffcee3d9ebb9
Link:
https://www.unpac.me/results/fb7bf6f0-a6ab-4a4c-8373-3dc3a2594923/
SH256 hash:
98aaea21babe6e4a949412f6a0ae39df3c9244c2a7a483ef305b00f77135e87a
MD5 hash:
0d2a5cbd3ca5c57c435c3be06449f85d
SHA1 hash:
44dd6fa2a1a3e2520be5dd7f54f6123451df9f0d
Link:
https://www.unpac.me/results/fb7bf6f0-a6ab-4a4c-8373-3dc3a2594923/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/98aaea21babe6e4a949412f6a0ae39df3c9244c2a7a483ef305b00f77135e87a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments