MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2689deac0169e5ef0b7a92f7f0601c16ab2849b7375e861d8d0c2ce1f460562. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 6

Intelligence 6 IOCs YARA 2 File information Comments

SHA256 hash:	b2689deac0169e5ef0b7a92f7f0601c16ab2849b7375e861d8d0c2ce1f460562
SHA3-384 hash:	30772f2bbc3a7b67d2e75dae51a91857e4e6b16122c5215b7e8a4ebac760b26976b1dbaaf6f55def6bf658061cb0b5df
SHA1 hash:	36fd0371c9c0d337839b015f49b716bd4b5921d5
MD5 hash:	45c81edde318f3b548503f30c011a909
humanhash:	robin-leopard-fix-edward
File name:	ENQUIRIES.rar
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	688'802 bytes
First seen:	2023-03-28 17:43:32 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	12288:/JiubeuvIbK+HEg2Wc20mgCJCBdnYOQJJMUQmAn9gPGp:/JiSeu4H2WX0mgCJCrYdJJQn9gep
TLSH	T1B7E423F21302175F17C6A9B88EFDA2012C7315EBD51DF02BCD66289BC2D81A575ED82E
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter	cocaman
Tags:	rar Shipping SnakeKeylogger

cocaman

Malicious email (T1566.001)
From: "Shipco <sales@albahralfakhershipping.com>" (likely spoofed)
Received: "from albahralfakhershipping.com (unknown [193.42.33.214]) "
Date: "28 Mar 2023 08:40:50 -0700"
Subject: "INQURIES"
Attachment: "ENQUIRIES.rar"

Intelligence

File Origin

# of uploads :

# of downloads :

106

Origin country :

n/a

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:	J9qkUXQDXrk8skj.exe
File size:	769'024 bytes
SHA256 hash:	f5fa7b886b1a16ab02b7edf918ece0bc04daca0a9e933b3bf63330f69d8db6c2
MD5 hash:	c890149afd84b9f0530aa25d5b37dad4
MIME type:	application/x-dosexec
Signature	SnakeKeylogger

Vendor Threat Intelligence

Result

Verdict:

Unknown

File Type:

PE File

Link:

https://app.docguard.net/b2689deac0169e5ef0b7a92f7f0601c16ab2849b7375e861d8d0c2ce1f460562/results/dashboard

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

comodo formbook packed remcos

Link:

https://www.filescan.io/uploads/6423276680ca4ca1ff59dcc8/reports/951f6b05-ddba-4f91-ac90-016023b0c055/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/b2689deac0169e5ef0b7a92f7f0601c16ab2849b7375e861d8d0c2ce1f460562

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b2689deac0169e5ef0b7a92f7f0601c16ab2849b7375e861d8d0c2ce1f460562/

Threat name:

ByteCode-MSIL.Trojan.Pwsx

Status:

Malicious

First seen:

2023-03-28 17:07:38 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

8 of 37 (21.62%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=wjuj32wac2pf54fxvexx6bqbyfvlfbe3on26qyoy2dbm4h2gavra._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Password Stealer

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/b2689deac0169e5ef0b7a92f7f0601c16ab2849b7375e861d8d0c2ce1f460562

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.