MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa4489386c0f548edec9e32cbb74e7b929656916c8111b31d7deb84c5180151e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	aa4489386c0f548edec9e32cbb74e7b929656916c8111b31d7deb84c5180151e
SHA3-384 hash:	e3b18076bbf07d819c7cac83666b3947da89212d11332e8b781a18db99866ca4f74397fb61fc05ae54d93a7cbba24bc8
SHA1 hash:	2db73412e26956b913dcc532ff63fad9a174d006
MD5 hash:	dc2147f245f6d7a9c8330e8dda832514
humanhash:	undress-floor-saturn-coffee
File name:	PO-09IOIOOUIR.z__.zip
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	10'628 bytes
First seen:	2021-01-18 08:19:14 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	192:Qkp4oRXbKlNvksyJY9wygEZzHuHDZL7PTCBgx336EyewNyhuXM+MnLVdCvwALE:QcYbvkvkwCYl/TkaqWAKf+MnLCv9E
TLSH	F722BF56716B9082F3F3563F0B1319E752AA388B0F4778E9CA29D3663C5B8522DC134B
Reporter	abuse_ch
Tags:	zip

abuse_ch

Malspam distributing unidentified malware:

HELO: hosted-by.rootlayer.net
Sending IP: 185.222.58.152
From: sales10@tzrising.com
Subject: أمر شراء جديد بتاريخ 18-01-2021.
Attachment: PO-09IOIOOUIR.z__.zip (contains "PO-09IOIOOUIR.exe")