MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c11a18e448b301e2163a3e389a4a1f411270ef2e538eaea04935502c53012979. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c11a18e448b301e2163a3e389a4a1f411270ef2e538eaea04935502c53012979
SHA3-384 hash: 536f62a4e67961708ee1d88eda419cd4ffe4bc963e4f8caa58274c82e4a6f6ed587b9e255e7dac91b745b483da8166eb
SHA1 hash: cd14027b2bfdf077f8b5a33aabd7868479d4cd43
MD5 hash: fa5ac4c3b4bd9c6e89dfc40ad4eb9da0
humanhash: enemy-one-kentucky-alanine
File name:Shipment Document BL,INV And Packing List,pdf.iso
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:1'193'984 bytes
First seen:2021-03-10 07:54:10 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:skjYkAd0WajYkAEjYkA1uvfiSQp+fHZ5smUCQMGqEM1LvEYww2chyplvbVVjYkA/:3i0jnA6idp+fHZ2r6PNUw2cUvnrA
TLSH 0C45BF6262448750E4382F74643199B043E7BE89BB39F80E7CEA3D5F7B739C28635616
Reporter abuse_ch
Tags:DHL iso SnakeKeylogger


Avatar
abuse_ch
Malspam distributing SnakeKeylogger:

HELO: ws39.host4g.com
Sending IP: 190.210.9.45
From: DHL Express Cargo<delivery@dhl.com>
Subject: DHL Shipment Notification
Attachment: Shipment Document BL,INV And Packing List,pdf.iso (contains "Shipment Document BL,INV And Packing List,pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
101
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_badexts72.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-03-10 07:55:08 UTC
AV detection:
12 of 46 (26.09%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yenbrzciwma6efr2hy4jusq7iejhb3zokohk5icjgvicyuybff4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.10
Link:
https://yomi.yoroi.company/submissions/c11a18e448b301e2163a3e389a4a1f411270ef2e538eaea04935502c53012979

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

iso c11a18e448b301e2163a3e389a4a1f411270ef2e538eaea04935502c53012979

(this sample)

SnakeKeylogger

Executable exe ee9dccc36f0908f24e6b6b42a18516af36135f552b3fb5b965045c727e42b6a8

  
Dropping
MD5 b681990459f4aa0a6798136e682cd82f
  
Dropping
SnakeKeylogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ee9dccc36f0908f24e6b6b42a18516af36135f552b3fb5b965045c727e42b6a8

Comments