MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0ad9a54d92f033a7a7bcf95d3eb089f82cdfe5b0b894002c1a19656fb7d9d56. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c0ad9a54d92f033a7a7bcf95d3eb089f82cdfe5b0b894002c1a19656fb7d9d56
SHA3-384 hash: e7516351e57514b9581629b4c05713f7388a1ab5e344d7f28fe07c5e7d53cfdb23a3fef62888a4bda0123affe34e19f1
SHA1 hash: 60f24f9d0d3e8547b89d81fea69eed95b5ffb1a2
MD5 hash: 97b786c965bccc31de0e8b83d6aee6ea
humanhash: juliet-white-colorado-victor
File name:RFQ Q7171.rar
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:470'943 bytes
First seen:2021-02-11 13:07:48 UTC
Last seen:2021-02-12 07:01:48 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:SJSbiGwuot40w8lLJdR8ZW22pWfojfdkr+:SY2LuD0w6nR8ZHEx
TLSH 16A423967C58AA3CAA1931077EC770511FF0B7482D2CDBD415793870E8A3B9BA0A78DD
Reporter abuse_ch
Tags:rar SnakeKeylogger


Avatar
abuse_ch
Malspam distributing SnakeKeylogger:

HELO: longdogranch.com
Sending IP: 103.99.1.142
From: lueCrystal Trading LLC <Judy@longdogranch.com>
Subject: Re:RFQ (Q7171) URGENT
Attachment: RFQ Q7171.rar (contains "RFQ Q7171.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
174
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c0ad9a54d92f033a7a7bcf95d3eb089f82cdfe5b0b894002c1a19656fb7d9d56/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-02-11 16:03:36 UTC
AV detection:
12 of 28 (42.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ycwzuvgzf4btu6t3z6k5h2yit6bm37s3boeuaawbuglfn635tvla._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c0ad9a54d92f033a7a7bcf95d3eb089f82cdfe5b0b894002c1a19656fb7d9d56

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

rar c0ad9a54d92f033a7a7bcf95d3eb089f82cdfe5b0b894002c1a19656fb7d9d56

(this sample)

SnakeKeylogger

Executable exe 5202a2ffe0b88802b22d6cd5009aed17424b969ee0a69d34848d0b1dc1818a33

  
Dropping
MD5 e61c9c140e20b77a895c1365d8241351
  
Dropping
SnakeKeylogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5202a2ffe0b88802b22d6cd5009aed17424b969ee0a69d34848d0b1dc1818a33

Comments