MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af9e2c8daa00211d3034191135209e69bbb2cb2e68978ea8ab1573aceae0c17e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: af9e2c8daa00211d3034191135209e69bbb2cb2e68978ea8ab1573aceae0c17e
SHA3-384 hash: eb52c20b868b8f9f7286493bb20400dd9178f0791075451ae72af807e56a4e8fc762f85b4732e6cb6b9a139ce9711983
SHA1 hash: 40e6b0e10b1639ae0d7065255ed0604692710edb
MD5 hash: f8c736845e437dc603f94edf41dec237
humanhash: apart-video-double-steak
File name:f8c736845e437dc603f94edf41dec237.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:31'960 bytes
First seen:2021-04-11 07:54:36 UTC
Last seen:2021-04-11 09:03:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 768:jb8Z6RrE8ed2fYLOsEXt31niU9cLzfce5h:/E8e5sXt35iNfF
Threatray 23 similar samples on MalwareBazaar
TLSH 0EE27D10AFE8811CFBEB5BB33BF04BA02B32BB115411DE5A5504C3CC5952FA558B6A3D
Reporter abuse_ch
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
2
# of downloads :
276
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
f8c736845e437dc603f94edf41dec237.exe
Verdict:
Malicious activity
Analysis date:
2021-04-11 08:00:28 UTC
Tags:
trojan
Link:
https://app.any.run/tasks/bd221d0a-ea0c-480a-8a91-ac8bc8627d27

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/133550/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.36677915.16996.20981.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Creating a file
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1d49f786-0464-4868-9abf-9a4defd43dbc
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/672178
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/af9e2c8daa00211d3034191135209e69bbb2cb2e68978ea8ab1573aceae0c17e/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-04-11 00:15:51 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=v6pczdnkaaqr2mbudeitkie6ng53fszoncly5kflcvz2z2xayf7a._file
Verdict:
unknown
Similar samples:
14ed067ebed5e73f60f05d9c139be977437f1a14c01c9b19955d5a9ab387033b
SnakeKeylogger
404f5e208504a3cc7541fffb203db6bd135373f0ae0b9dc88d84e57464539dc5
SnakeKeylogger
61c31b3775cf5192df4442fbd308d7164fbaaeaea4a6a43dab2197b702af30e6
SnakeKeylogger
9976d3013192eccd033fd429c7d9a14c2c144b8d1469d2b19fa2d6016aa74a1c
SnakeKeylogger
998273c5925d08f9eaa0aa3de2d044e1b6f4bcb304d0d5c41971e4ac23ba5745
SnakeKeylogger
a7686157bc950dfe9b30e3ac09f1138107d28dc071b5345561dead285b685c97
SnakeKeylogger
b171719722a54335ca4f114ced5ff4a8af8e542a6114221df8a9c884d254ee03
SnakeKeylogger
cfa46220d1b96e515eedbb82a0285229467f377ede30f732f7f6c48caba3ae1e
SnakeKeylogger
e1eda5c9ef3158ecc5dabc82b244def26c0a938c797a1c97752ff32505b0f048
SnakeKeylogger
e88c90bd34759e75f02ca1b3413916e7e3bab94daa1fbb540cf87cb79000164c
SnakeKeylogger
+ 13 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210411-tcywc9fcz6/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
af9e2c8daa00211d3034191135209e69bbb2cb2e68978ea8ab1573aceae0c17e
MD5 hash:
f8c736845e437dc603f94edf41dec237
SHA1 hash:
40e6b0e10b1639ae0d7065255ed0604692710edb
Link:
https://www.unpac.me/results/b6ed4397-efe8-4815-9a6e-b5d29ca7459d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/af9e2c8daa00211d3034191135209e69bbb2cb2e68978ea8ab1573aceae0c17e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFu
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SnakeKeylogger

Executable exe af9e2c8daa00211d3034191135209e69bbb2cb2e68978ea8ab1573aceae0c17e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1104307/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/133550/

Comments