MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc581ca13c6685865dea4951a7362e7ac213a359ae88b97eda7fa1462923c986. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cc581ca13c6685865dea4951a7362e7ac213a359ae88b97eda7fa1462923c986
SHA3-384 hash: 79c13869e4ad9de398ba87385f8409dd0844aad4f02b8905a5100cdd1214d63d75663b3ecf1a68d79f0188476cfe77ae
SHA1 hash: c59a48f8fa95943d4f2111cf63299acaf3cfd5c2
MD5 hash: 3db68d8943e5f12a63f088483e4176c2
humanhash: kentucky-jig-skylark-april
File name:QPR-1064.pdf.iso
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:2'097'152 bytes
First seen:2021-01-13 20:09:04 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:dMGKut10OzbNj6uT5YQ4AYOPhpEfRMSVJx:KGX15vNjcV
TLSH 1EA52842F745CB90D87175B7468AD3AA136AF9E715D0C2C6730E7B313A237C26E8E648
Reporter abuse_ch
Tags:iso SnakeKeylogger


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: server.emexapparelcorp.community
Sending IP: 50.7.154.2
From: miskender <pazarlama@viistif.com>
Subject: Re:Re: Shipping Doc
Attachment: QPR-1064.pdf.iso (contains "QPR-1064.pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
128
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_badexts64.UNOFFICIAL
Create hunting rule

PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cc581ca13c6685865dea4951a7362e7ac213a359ae88b97eda7fa1462923c986/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-01-13 20:09:08 UTC
AV detection:
11 of 46 (23.91%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zrmbzij4m2cymxpkjfi2onroplbbhi2zv2els7w2p6qumkjdzgda._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/cc581ca13c6685865dea4951a7362e7ac213a359ae88b97eda7fa1462923c986

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

iso cc581ca13c6685865dea4951a7362e7ac213a359ae88b97eda7fa1462923c986

(this sample)

SnakeKeylogger

Executable exe 91a31ae7de6c7cfa8123333cec0fb4ac9317b12e8b1ede01de97936c8ab82ed7

  
Dropping
MD5 64b5e237121e4d6832c5de27f2c4bac0
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 91a31ae7de6c7cfa8123333cec0fb4ac9317b12e8b1ede01de97936c8ab82ed7

Comments