MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b95cb95205d03079c8cae23e77d7e231f0161ad5383d5e16fc560b5cf4d95d90. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	b95cb95205d03079c8cae23e77d7e231f0161ad5383d5e16fc560b5cf4d95d90
SHA3-384 hash:	c54c6e2297a5c98493040fe077e2be482baa15afb172bfd85368f28a5e750fbd0580deb10275d6fea66c388ac9c4dcba
SHA1 hash:	b3601eafe8afa5325d23806c20902d64f3c9aceb
MD5 hash:	f2c1cc948703f49b6658450eff1952f2
humanhash:	montana-pasta-indigo-butter
File name:	Panama Canal Authority Forms TG.exe
Download:	download sample
Signature	SnakeKeylogger Alert Create hunting rule
File size:	487'424 bytes
First seen:	2023-12-19 15:09:11 UTC
Last seen:	2023-12-19 16:16:10 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep	6144:lrk2v4+LmNeWHGjsx41RL/AC0P3kPyXTsIMT/RutQ+AJ61T41qNXw3hvYd:lrm+LmNevoCrLk3/XW/wtQ+AJ6C0w3Y
TLSH	T14EA4C091B7D2CA6EE9D24771F4BD40000B36E998F456F70B79AD052E2E76F088A37631
TrID	71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 10.2% (.EXE) Win64 Executable (generic) (10523/12/4) 6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.3% (.EXE) Win32 Executable (generic) (4505/5/1) 2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter	abuse_ch
Tags:	exe SnakeKeylogger

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

311

Origin country :

NL

Vendor Threat Intelligence

CAPE Sandbox Snake

Detection:

Snake

Alert

Create hunting rule

Link:

https://www.capesandbox.com/analysis/468509/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Win32.TrojanX-gen.5084.10727.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Launching a process

Creating a file

Сreating synchronization primitives

DNS request

Sending an HTTP GET request

Sending a custom TCP request

Unauthorized injection to a system process

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

lolbin packed remote

Link:

https://www.filescan.io/uploads/6581b250eabaed0701718d65/reports/7b0993c1-1206-4427-8bd9-f7a0cfbc4150/overview

Hybrid Analysis Win/malicious_confidence_90%

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/b95cb95205d03079c8cae23e77d7e231f0161ad5383d5e16fc560b5cf4d95d90

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Snake Keylogger

Malware family:

Snake Keylogger

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b0b76ebd-bb81-45e5-a24d-99720b2c713f

Joe Sandbox Snake Keylogger

Result

Threat name:

Snake Keylogger

Alert

Create hunting rule

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1364600

Signature

.NET source code contains potential unpacker

.NET source code references suspicious native API functions

Allocates memory in foreign processes

Antivirus detection for URL or domain

Found malware configuration

Injects a PE file into a foreign processes

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses dynamic DNS services

Writes to foreign memory regions

Yara detected AntiVM3

Yara detected Generic Downloader

Yara detected Snake Keylogger

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

PE

Link:

https://malprob.io/report/b95cb95205d03079c8cae23e77d7e231f0161ad5383d5e16fc560b5cf4d95d90

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b95cb95205d03079c8cae23e77d7e231f0161ad5383d5e16fc560b5cf4d95d90/

ReversingLabs TitaniumCloud ByteCode-MSIL.Trojan.SnakeKeyLogger

Threat name:

ByteCode-MSIL.Trojan.SnakeKeyLogger

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-12-19 15:10:07 UTC

File Type:

PE (.Net Exe)

Extracted files:

5

AV detection:

18 of 22 (81.82%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xfolsuqf2ayhtsgk4i7hpv7cghybmgwvha6v4fx4kyfvz5gzlwia._file

Threatray malicious

Verdict:

malicious

Hatching Triage snakekeylogger

Result

Malware family:

snakekeylogger

Alert

Create hunting rule

Score:

  10/10

Tags:

family:snakekeylogger collection keylogger spyware stealer

Link:

https://tria.ge/reports/231219-sj14gabdek/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Program crash

Suspicious use of SetThreadContext

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Snake Keylogger

Snake Keylogger payload

UnpacMe snake_keylogger win_404keylogger_g1 MAL_Envrial_Jan18_1 MALWARE_Win_SnakeKeylogger INDICATOR_SUSPICIOUS_Binary_References_Browsers INDICATOR_SUSPICIOUS_EXE_DotNetProcHook INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients

Unpacked files

SH256 hash:

45c7b64a55dca23ee1239649e03a7c361813dbcfc2a0817b0d8e94c907d6ed4b

MD5 hash:

fb1bc19121c4e190d83672bc71b493f0

SHA1 hash:

c3488b969ba578e28ee360be24b6416425a224a0

Link:

https://www.unpac.me/results/6b315883-8d68-4fa7-a4d7-3ca03f60abc9/

SH256 hash:

cf5420bfe1beb1cb929d8874ce6830997dd8758bb5b6596efcfeaee22bd3137c

MD5 hash:

d410e8ec2b43259fedeb680ce752fcb2

SHA1 hash:

bb00bb1ee6f25b891c9d562cf6ad7b3ce8e40e35

Detections:

snake_keylogger

Alert

Create hunting rule

win_404keylogger_g1

Alert

Create hunting rule

MAL_Envrial_Jan18_1

Alert

Create hunting rule

MALWARE_Win_SnakeKeylogger

Alert

Create hunting rule

INDICATOR_SUSPICIOUS_Binary_References_Browsers

Alert

Create hunting rule

INDICATOR_SUSPICIOUS_EXE_DotNetProcHook

Alert

Create hunting rule

INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients

Alert

Create hunting rule

Link:

https://www.unpac.me/results/6b315883-8d68-4fa7-a4d7-3ca03f60abc9/

SH256 hash:

9dff4a90bc55a6d56420c42581d62e8941641b9fc6170fbe3ae722981ef4ec5b

MD5 hash:

fa7016587265a6990a650e5206a07333

SHA1 hash:

9cbb566e2345e6f11defb5c3d569f73c3f6e6a45

Link:

https://www.unpac.me/results/6b315883-8d68-4fa7-a4d7-3ca03f60abc9/

SH256 hash:

b95cb95205d03079c8cae23e77d7e231f0161ad5383d5e16fc560b5cf4d95d90

MD5 hash:

f2c1cc948703f49b6658450eff1952f2

SHA1 hash:

b3601eafe8afa5325d23806c20902d64f3c9aceb

Link:

https://www.unpac.me/results/6b315883-8d68-4fa7-a4d7-3ca03f60abc9/

VMRay SnakeKeylogger

Malware family:

SnakeKeylogger

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/b95cb95205d0/report/overview.html

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI iSpy Keylogger

Threat name:

iSpy Keylogger

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b95cb95205d03079c8cae23e77d7e231f0161ad5383d5e16fc560b5cf4d95d90

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

exe b95cb95205d03079c8cae23e77d7e231f0161ad5383d5e16fc560b5cf4d95d90

(this sample)

  

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/468509/