MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbfe4dca9d74d291c2f72c841fd4c1cc354111f12a001d527c11a27f63efe985. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 5

SHA256 hash: bbfe4dca9d74d291c2f72c841fd4c1cc354111f12a001d527c11a27f63efe985
SHA3-384 hash: 66fec44057db3c3f1f42d324c948bbe80010f2ccf6393b87b3504bcd09118b462f6fd788c4e4bbf1c2a36c0ec45efd04
SHA1 hash: bc4407be2f8900d77a7be5fb88c26321c755fb6a
MD5 hash: b07ca070e391ebe776259bc8ee6cae25
humanhash: item-hawaii-washington-friend
File name: payment-copy (2).gz
Signature: SnakeKeylogger
File size: 315'210 bytes
First seen: 2021-09-28 08:34:28 UTC
Last seen: 2021-09-29 06:27:51 UTC
File type: gz
MIME type: application/x-rar
ssdeep: 6144:3IXCoUsBnQzISZC4LtZgfhEOKqYvddlWHt6sem/1wb8DX/29gswvb+Iv:3CCQnQxCigfecYv4Njem/qSX/29g/+Iv
TLSH: T16064239B170AD38D6BCF968CCFDC95DE3AEC2122A4434239047EA635DB8D860F6D9474
Reporter: cocaman
Tags: gz SnakeKeylogger

cocaman
Malicious email (T1566.001)
From: "sales@eagledis.com" (likely spoofed)
Received: "from eagledis.com (unknown [45.137.22.147]) "
Date: "28 Sep 2021 12:05:23 +0200"
Subject: "payment-copy"
Attachment: "payment-copy (2).gz"

Intelligence

File Origin
# of uploads: 2
# of downloads: 107
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-09-28 08:35:09 UTC
AV detection: 14 of 45 (31.11%)
Threat level: 5/5

Result
Malware family: snakekeylogger
Score: 10/10
Tags: family:snakekeylogger keylogger spyware stealer

Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
SnakeKeylogger
gz bbfe4dca9d74d291c2f72c841fd4c1cc354111f12a001d527c11a27f63efe985 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: SnakeKeylogger

Comments