MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3d48b488125eea685a55727b665951584ffa5f0d3e9c3fab2d3269994b5a440. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 5



SHA256 hash: a3d48b488125eea685a55727b665951584ffa5f0d3e9c3fab2d3269994b5a440
SHA3-384 hash: 374fa60445e4726b9f155c01a4e3ddf436fd15fabcc9174bf96ef7e7f96177598fa154109810aa70f5cd2597ba216cad
SHA1 hash: 5be9f2465ddff444d3d25bbed24be628e0764e33
MD5 hash: dc2dbedcb604a0651ba8ffb209b43d75
humanhash: hamper-alaska-crazy-bulldog
File name: Introduction Presentation Citi.zip
Signature: SnakeKeylogger
File size: 305'799 bytes
First seen: 2021-02-02 15:39:39 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:82VYVC0HF6i2S0e7XqC0LLq/PtVmMm0M7dw/3SsoPcmTY26FFIUb:XVWC0HMRfNLytV40MZEfcY3F7b
TLSH: 94542388D36776253783E02C3B19622FE744765DEB91AA4C43D84A092D87CE9BEDCD90
Reporter: abuse_ch
Tags: SnakeKeylogger zip


abuse_ch
Malspam distributing SnakeKeylogger:

HELO: air.nseasy.com
Sending IP: 64.37.52.73
From: Elsy Joseph <ejoseph@citiswd.com>
Subject: RE:Introduction & Presentation Citi Solutions Freight Forwarding Pvt Ltd.. /// WCA MEMBER ID: 108180
Attachment: Introduction Presentation Citi.zip (contains "Introduction & Presentation Citi.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 146
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-02 15:40:10 UTC
AV detection: 16 of 45 (35.56%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

zip a3d48b488125eea685a55727b665951584ffa5f0d3e9c3fab2d3269994b5a440 (this sample)

Dropping: SnakeKeylogger
Delivery method: Distributed via e-mail attachment

Comments