MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3f32cddfda079270fc1d233d3b48577ef3dc3a8d5fc81bc3cef64102357d5cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a3f32cddfda079270fc1d233d3b48577ef3dc3a8d5fc81bc3cef64102357d5cd
SHA3-384 hash: b6074a2a23ddaa99b3567f2b3215b91abd2549644357051648d41e9b04c16648a6a845ccf0b947fadfaa7701fed38442
SHA1 hash: 1d7a3c5e9ba2014b43d5c47e1f60d7da423c11c9
MD5 hash: 26bd5cbfc33453e4b25d7fa2afef68ba
humanhash: ohio-robert-pasta-snake
File name:SOA.r00
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:421'753 bytes
First seen:2021-09-27 10:21:41 UTC
Last seen:2021-09-27 10:30:42 UTC
File type: r00
MIME type:application/x-rar
ssdeep 12288:mC+OsmqlfT7yDdTJWjcwKyAF5B7iYWdYB042b:jsmBhTsjc3yE5MN/
TLSH T1AD94230F09E88E35AA44E486FD1E160B9CCDBFD3EFAB9234335926D66014C4F7D56A44
Reporter cocaman
Tags:r00 SnakeKeylogger


Avatar
cocaman
Malicious email (T1566.001)
From: "Accounting6@rz.jo" (likely spoofed)
Received: "from rz.jo (unknown [185.222.58.120]) "
Date: "27 Sep 2021 12:26:30 +0200"
Subject: "SOA of SEPTEMER 2021"
Attachment: "SOA.r00"

Intelligence

File Origin
# of uploads :
3
# of downloads :
139
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a3f32cddfda079270fc1d233d3b48577ef3dc3a8d5fc81bc3cef64102357d5cd/
Threat name:
ByteCode-MSIL.Trojan.Taskun
Create hunting rule
Status:
Malicious
First seen:
2021-09-27 10:22:08 UTC
AV detection:
17 of 45 (37.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=upzszxp5ub4sod6b2iz5hnefo7xt3q5i2x6idpb455sbai2x2xgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/a3f32cddfda079270fc1d233d3b48577ef3dc3a8d5fc81bc3cef64102357d5cd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

r00 a3f32cddfda079270fc1d233d3b48577ef3dc3a8d5fc81bc3cef64102357d5cd

(this sample)

SnakeKeylogger

Executable exe 75b6cd16095479799e88f8b51cf417d8334a9745f6a7aa463750fec760bf2106

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 75b6cd16095479799e88f8b51cf417d8334a9745f6a7aa463750fec760bf2106

Comments