MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a70f5adb24ac382ea45b16f0aeeaac77527b6030830c9311e740cff574914c8d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a70f5adb24ac382ea45b16f0aeeaac77527b6030830c9311e740cff574914c8d
SHA3-384 hash: 58d9693d3de9bc30d9f5f781fa920f1efa2dc3d401727a82429044af7970604f0467bed503e6798215e24fc17b338bb7
SHA1 hash: 276a6e644d8ec5b8740768bf2c1100669a3cc604
MD5 hash: 4c7b4258dd73651a25065fa125c764a9
humanhash: quiet-massachusetts-lactose-river
File name:Document_9073782911, pdf.iso
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:907'264 bytes
First seen:2021-02-26 06:14:12 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:VEtE9DZ5omtnGwII4JCAz1koEKyiNl13CVGir9YodCVzsUaiy+9lyAKp:9ptnlB4cmy6150NdCVzNtD9lWp
TLSH C915CF1030B947C7E5BD4BF61459A11013F5359EB29EE61E2ECE33EB2673742460AB2B
Reporter abuse_ch
Tags:DHL iso SnakeKeylogger


Avatar
abuse_ch
Malspam distributing SnakeKeylogger:

HELO: obiwan.aserv.co.za
Sending IP: 154.0.168.134
From: DHL Express Cargo <NoReply.ODD@dhl.com>
Subject: Re: DHL Cargo Delivery
Attachment: Document_9073782911, pdf.iso (contains "Document_9073782911, pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_fs1729.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a70f5adb24ac382ea45b16f0aeeaac77527b6030830c9311e740cff574914c8d/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-02-26 06:15:07 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=u4hvvwzevq4c5jc3c3yk52vmo5jhwybqqmgjgephidh7k5erjsgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

iso a70f5adb24ac382ea45b16f0aeeaac77527b6030830c9311e740cff574914c8d

(this sample)

SnakeKeylogger

Executable exe 535f700b87db581079023ba508113844341b8662810dc67d0607bc7b3b589ff2

  
Dropping
MD5 401e50ddfa5b5ed2950bf293fbf2524f
  
Dropping
SnakeKeylogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 535f700b87db581079023ba508113844341b8662810dc67d0607bc7b3b589ff2

Comments