MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3340dc41467f3e62953c768598c04694a58f5c79ca6a6806760a5fcb5106627. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger
Vendor detections: 5



SHA256 hash: c3340dc41467f3e62953c768598c04694a58f5c79ca6a6806760a5fcb5106627
SHA3-384 hash: e0627916419a9d216e9bd20a9622fd1f96a5ad47969efb117250c675b85ff284765d43987734e8ba23c8de0b023463a5
SHA1 hash: 0b39dd9060b400fb3c70cffe141d6da869fbe623
MD5 hash: 1cdb21ed0d725270c0888b1810af26ff
humanhash: hamper-july-eighteen-robert
File name: TNT Original Invoice_pdf.gz
Signature: SnakeKeylogger
File size: 563'100 bytes
First seen: 2021-04-19 08:58:14 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:4Yh4NkMns4vo2anhdU4SSeyODOf3tYy+iBlfqENnbFk0J:wF9YvU/SeVOVz+ifDJO0J
TLSH: 8CC423A652B6C889BA236C9BEF336AB31FCD14ECD120B661D7F41C25F2C68E65041573
Reporter: cocaman
Tags: gz INVOICE SnakeKeylogger TNT


cocaman
Malicious email (T1566.001)
From: "eInvoicing <tntsupport.admin@tnt.com>" (likely spoofed)
Received: "from www.twtmailman.com (www.twtmailman.com [139.162.7.170]) "
Date: "Mon, 19 Apr 2021 18:27:44 +1000"
Subject: "TNT Express Invoice: 09004105 - Account: 000011320"
Attachment: "TNT Original Invoice_pdf.gz"

Intelligence


File Origin
# of uploads: 1
# of downloads: 112
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS

Result
Malware family: snakekeylogger
Score: 10/10
Tags: family:snakekeylogger keylogger spyware stealer
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger Payload

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  SnakeKeylogger
    gz c3340dc41467f3e62953c768598c04694a58f5c79ca6a6806760a5fcb5106627 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: SnakeKeylogger
Comments