MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b396a85d3f30245a01b4eaec6c369b6753adaae44f7574d443ce83f5d1d4332f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger
Vendor detections: 10



SHA256 hash: b396a85d3f30245a01b4eaec6c369b6753adaae44f7574d443ce83f5d1d4332f
SHA3-384 hash: 824c00f707d8a0f170ecbcad0b1317a267323b2c4f5b89f6b6d359f68d7fecad0c8b5e04fd3a87858e5fd77b419abc98
SHA1 hash: f428dd459690d4cbe76f7bf252a239f0fd42f931
MD5 hash: 532b34cabdbca2554ef8249e7c0b1421
humanhash: october-beryllium-colorado-twelve
File name: 04142021_10RD0207S0N0000,pdf.exe
Signature: SnakeKeylogger
File size: 312'320 bytes
First seen: 2021-09-13 12:15:45 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2c58cc87277520c45be866d28ef20045 (2 x AveMariaRAT, 2 x AgentTesla, 1 x Loki)
ssdeep: 6144:xivbiLAlmZrKB+0r25RP5EUrnFcY0s9tyBtMpE+O17krP4sUUj4neFMje:fnmB+0KfSUrnX0CtyohO5kbj4u
Threatray: 1'861 similar samples on MalwareBazaar
TLSH: T19A64CF1673A5EAA0E09848B53446EBA29110BC7D166FE453B3C03B6F39317DE8A53F47
Reporter: malwarelabnet
Tags: exe SnakeKeylogger

Intelligence

File Origin
# of uploads: 1
# of downloads: 101
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 04142021_10RD0207S0N0000,pdf.exe
Verdict: Malicious activity
Analysis date: 2021-09-13 12:16:30 UTC
Tags: evasion trojan snakekeylogger keylogger

Note: ANY.RUN is an interactive sandbox that analyzes all user actions, not only the uploaded sample.
Result
Verdict: Malware
Maliciousness:
  Verdict: Suspicious
  Threat level: 5/10
  Confidence: 100%
Tags: packed
Malware family: Generic Malware
Verdict: Malicious
Result
Threat name: Snake Keylogger
Detection: malicious
Classification: spre.troj.spyw.evad
Score: 100 / 100
Signature:
  .NET source code references suspicious native API functions
  Found malware configuration
  Machine Learning detection for sample
  Malicious sample detected (through community Yara rule)
  Maps a DLL or memory area into another process
  May check the online IP address of the machine
  Multi AV Scanner detection for submitted file
  Sigma detected: MSBuild connects to smtp port
  Tries to harvest and steal browser information (history, passwords, etc)
  Tries to harvest and steal ftp login credentials
  Tries to steal Mail credentials (via file access)
  Yara detected Snake Keylogger
  Yara detected Telegram RAT
Behaviour: Behavior Graph (image)
Threat name: Win32.Trojan.LokiBot
Status: Malicious
First seen: 2021-09-13 02:44:55 UTC
AV detection: 16 of 45 (35.56%)
Threat level: 5/5
Result
Malware family: snakekeylogger
Score: 10/10
Tags: family:snakekeylogger keylogger stealer
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Suspicious behavior: MapViewOfSection
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Suspicious use of SetThreadContext
  Looks up external IP address via web service
  Snake Keylogger
Unpacked files
SHA256 hash: 00b76558e8ae0fb293cf67523512ac6d70aaf86d8d7b3ad084abcc7ee4a88f25
MD5 hash: 60d9a075279e24d16a1ea042cbf0184b
SHA1 hash: a3a2b3ec36c4b765d78f3bddc1ec16da49799544

SHA256 hash: b396a85d3f30245a01b4eaec6c369b6753adaae44f7574d443ce83f5d1d4332f
MD5 hash: 532b34cabdbca2554ef8249e7c0b1421
SHA1 hash: f428dd459690d4cbe76f7bf252a239f0fd42f931
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
