MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a7ef884c5f4686d2bee093f5d3281f663ced80ac7aa8e4a55b9410f6fbb6d15e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a7ef884c5f4686d2bee093f5d3281f663ced80ac7aa8e4a55b9410f6fbb6d15e
SHA3-384 hash: ed87ad2428e5d8f03a74859524939d08e53ba641a6ca47ad1fb01614ae2235f9c2ea9cf35630a2d1624386ea515b170b
SHA1 hash: 2b688a8c62690fa7db350aedb0438c1a191e1136
MD5 hash: dd994fc31a9eec6d8ff4a1d25cd55248
humanhash: september-robert-jupiter-venus
File name:BOOKINGS COPY.zip
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:482'492 bytes
First seen:2022-09-28 08:41:31 UTC
Last seen:2022-09-28 09:05:45 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:5O+I548Zzw8u6ju6movNA7pmRAJ8rDzgHqq3vrQ+:84S5u+gwNUpWrDzg3c+
TLSH T18BA423DCB8ADEE5496EA7C3E196D4875A89CC712B12B02D1090E6E16332D857CDC287F
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:SnakeKeylogger zip


Avatar
cocaman
Malicious email (T1566.001)
From: "Surjit Singh - DSV<surjit.singh@in.dsv.com>" (likely spoofed)
Received: "from in.dsv.com (unknown [45.137.22.109]) "
Date: "19 Sep 2022 10:13:53 +0200"
Subject: "RE: CIF SHIPMENT ID: SIX98000440// LUDIANA-MUNDRA-GENOA// SHIPPER: PROVIDENCE TEXTILE// BOOKING# 13043808"
Attachment: "BOOKINGS COPY.zip"

Intelligence

File Origin
# of uploads :
2
# of downloads :
431
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject4.42183.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
67%
Tags:
fareit fingerprint packed
Link:
https://www.filescan.io/uploads/633408dbd089a0c15dd289fc/reports/86db4eab-2638-4f40-ba1a-f25664f2d804/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/a7ef884c5f4686d2bee093f5d3281f663ced80ac7aa8e4a55b9410f6fbb6d15e
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a7ef884c5f4686d2bee093f5d3281f663ced80ac7aa8e4a55b9410f6fbb6d15e/
Threat name:
Win32.Trojan.Leonem
Create hunting rule
Status:
Malicious
First seen:
2022-09-19 12:36:00 UTC
File Type:
Binary (Archive)
Extracted files:
23
AV detection:
28 of 40 (70.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=u7xyqtc7i2dnfpxasp25gka7my6o3afmpkuojjk3sqipn65w2fpa._file
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger collection keylogger spyware stealer
Link:
https://tria.ge/reports/220928-kl1lqafdf6/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Checks computer location settings
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger payload
Malware Config
C2 Extraction:
https://api.telegram.org/bot5495243543:AAG3XPeGW7yqfXF6_EXjGSfO9SWHJTpqVsU/sendMessage?chat_id=1128973051
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a7ef884c5f4686d2bee093f5d3281f663ced80ac7aa8e4a55b9410f6fbb6d15e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

zip a7ef884c5f4686d2bee093f5d3281f663ced80ac7aa8e4a55b9410f6fbb6d15e

(this sample)

SnakeKeylogger

Executable exe 95a8a282c63519dd06221d4dbd73ac3cf503eb0a7fbcc864ff359871aa244744

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 95a8a282c63519dd06221d4dbd73ac3cf503eb0a7fbcc864ff359871aa244744
  
Dropping
SnakeKeylogger

Comments