MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b5b96d959688b8a5bfa8b66d4e45788f11967380e7b681303824a31a89b542ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 5



SHA256 hash: b5b96d959688b8a5bfa8b66d4e45788f11967380e7b681303824a31a89b542ec
SHA3-384 hash: c292a8d1e0b6ff178b93d93b25ff7e0e5bd592fbe62946a7a0986e18a74c4833f21000f310aff82c70303728f86adeaf
SHA1 hash: 99ab890a1e14e2d656c2fbe0bd3479e93c621c55
MD5 hash: cf234b79fce873bc3b254bfe55b94b0e
humanhash: winter-december-mountain-earth
File name: Purchase Order No-1021332021.gz
Signature: SnakeKeylogger
File size: 685'056 bytes
First seen: 2021-03-03 18:01:58 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:pbrX6HjW41Mo62UZ8LtMKd+HaYQNludsLyYsuT0qNk5UYZy3SItj2:hrX6DWYZoZ8xMuyEHy0ikYZy37tC
TLSH: 37E42399579834EE58FB22B8C3261816704E82771E79ED7F127B111BE07A4129C1BEFC
Reporter: abuse_ch
Tags: gz, SnakeKeylogger


abuse_ch
Malspam distributing SnakeKeylogger:

HELO: mail.kavatdintl.gq
Sending IP: 188.166.173.223
From: Hernández Fernando <bruno@kavatdintl.gq>
Reply-To: harryalexsector@gmail.com
Subject: Purchase Order No-1021332021.
Attachment: Purchase Order No-1021332021.gz (contains "Purchase Order No-1021332021.exe")
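The lure described in the report above is a .gz archive whose single member is an executable with the same base name. The script below is an added example of offline triage for such an attachment; it is not MalwareBazaar or abuse.ch code, and the archive it builds is a constructed stand-in (an MZ stub), not the real sample from this entry. It reads the original filename stored in the gzip FNAME header (RFC 1952), decompresses with an output cap so a decompression bomb cannot exhaust memory, checks the payload for the DOS/PE "MZ" magic, and hashes both layers so the outer SHA256 can be compared with the one listed on this page. The extension list and the 50 MB cap are assumptions chosen for the example.

```python
"""Offline triage of a .gz e-mail attachment: read the gzip FNAME header,
decompress with a size cap, and flag an executable hidden inside the archive.
Added example; not MalwareBazaar or abuse.ch code. The sample archive built in
main() is constructed here and is not the real sample from this entry."""
import gzip
import hashlib
import io
import struct
import zlib
from typing import Optional

# Assumed list of extensions worth flagging when found inside a gz lure.
EXEC_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
MAX_DECOMPRESSED = 50 * 1024 * 1024  # assumed cap; survives decompression bombs


def gzip_member_name(data: bytes) -> Optional[str]:
    """Return the original filename (FNAME field, RFC 1952) of the first gzip member."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        return None
    flg = data[3]
    pos = 10  # fixed header: ID1 ID2 CM FLG MTIME(4) XFL OS
    if flg & 0x04:  # FEXTRA: 2-byte little-endian length, then the extra field
        if len(data) < pos + 2:
            return None
        xlen = struct.unpack("<H", data[pos:pos + 2])[0]
        pos += 2 + xlen
    if flg & 0x08:  # FNAME: zero-terminated latin-1 string
        end = data.find(b"\x00", pos)
        if end == -1:
            return None
        return data[pos:end].decode("latin-1")
    return None


def triage_gz_attachment(data: bytes, max_bytes: int = MAX_DECOMPRESSED) -> dict:
    """Describe a gzip attachment without executing or fully trusting its contents."""
    inner_name = gzip_member_name(data)
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)  # +16: expect a gzip wrapper
    payload = d.decompress(data, max_bytes)      # never emits more than max_bytes
    hit_limit = len(payload) >= max_bytes
    inner_is_pe = payload[:2] == b"MZ"            # DOS stub / PE magic
    name_lower = (inner_name or "").lower()
    exec_ext = name_lower.endswith(EXEC_EXTENSIONS)
    return {
        "outer_sha256": hashlib.sha256(data).hexdigest(),   # compare with the entry's SHA256
        "inner_name": inner_name,
        "inner_sha256": hashlib.sha256(payload).hexdigest(),
        "inner_size": len(payload),
        "hit_limit": hit_limit,
        "inner_is_pe": inner_is_pe,
        "inner_exec_ext": exec_ext,
        # A gz wrapping a single PE, or naming an executable, is the pattern in
        # this entry: "Purchase Order No-1021332021.gz" -> "... .exe".
        "suspicious": inner_is_pe or exec_ext,
    }


def make_sample_gz(inner_name: str, payload: bytes) -> bytes:
    """Build a constructed gzip member carrying inner_name in its FNAME header."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=inner_name, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed stand-in payload: an MZ stub, not the real SnakeKeylogger binary.
    fake_pe = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode.\r\n$"
    lure = make_sample_gz("Purchase Order No-1021332021.exe", fake_pe)
    for key, value in triage_gz_attachment(lure).items():
        print(f"{key}: {value}")
```

Run it against a real attachment with `triage_gz_attachment(open(path, "rb").read())`; a hit on `inner_is_pe` or `inner_exec_ext` is the signal to quarantine, and `hit_limit` being True means the member was larger than the cap and the inner hash covers only the first `max_bytes` bytes.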

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 93
Origin country: n/a

Vendor Threat Intelligence
Verdict: SUSPICIOUS
Threat name: ByteCode-MSIL.Trojan.XetimaLogger
Status: Malicious
First seen: 2021-03-03 18:02:09 UTC
AV detection: 12 of 48 (25.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: SnakeKeylogger
gz b5b96d959688b8a5bfa8b66d4e45788f11967380e7b681303824a31a89b542ec (this sample)
Dropping: SnakeKeylogger
Delivery method: Distributed via e-mail attachment
