MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be95c3b8c727bf769a9ef892c42ff2a3ed9fe764d3297f3214e715e243c69995. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 5


SHA256 hash: be95c3b8c727bf769a9ef892c42ff2a3ed9fe764d3297f3214e715e243c69995
SHA3-384 hash: 31438d7fbe3f3d58ea494029ff33c4cf66a333eb8405a0a815343026f61fe9c43c29b14d3180707920083e5cd1185cd2
SHA1 hash: acdcecea1cdd7d215fd97b8323715ee0d5365897
MD5 hash: f1a68e045db072db6cc5ccfca53b5b11
humanhash: lima-steak-fish-mississippi
File name: BANK INFORMATION.lzh
Signature: SnakeKeylogger
File size: 621'231 bytes
First seen: 2021-08-10 06:54:17 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:yDTR+PauuhVbdDtuki8QlXQze5rQ+ucgOXOXQexnymW3hJ+lcet:ycPauu3httbQlgyS+ucgOXOfnyIlH
TLSH: T199D423EAE5D16F3E5325A88D4735A7D5C47B52CAD206E30B74C934834802E3BF7E62A4
Reporter: cocaman
Tags: lzh rar SnakeKeylogger


cocaman
Malicious email (T1566.001)
From: "LindaCheng <rltalentchina@163.com>" (likely spoofed)
Received: "from 163.com (unknown [185.222.58.146]) "
Date: "10 Aug 2021 08:36:03 +0200"
Subject: "RE: FW: TRANSFERENCIA COLCHONERIA Y MUEBLERIA USD24,669.27"
Attachment: "BANK INFORMATION.lzh"

Intelligence


File Origin
# of uploads: 1
# of downloads: 137
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Worm.LovGate
Status: Malicious
First seen: 2021-08-10 06:55:08 UTC
File Type: Binary (Archive)
Extracted files: 9
AV detection: 8 of 46 (17.39%)
Threat level: 5/5
Result
Malware family: snakekeylogger
Score: 10/10
Tags: family:snakekeylogger keylogger spyware stealer
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

rar be95c3b8c727bf769a9ef892c42ff2a3ed9fe764d3297f3214e715e243c69995 (this sample)

Delivery method: Distributed via e-mail attachment

Comments