MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc9dc325264042bc96e205b1e6e2a21ee7fb23e477578eace75154bb4405d3a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	cc9dc325264042bc96e205b1e6e2a21ee7fb23e477578eace75154bb4405d3a1
SHA3-384 hash:	b3165c909baaf8de72b7644afd6b32a88a50207f7fd94ad0a24162cddfa533b06ebae5ceca5991d9d9b2db3874c198b6
SHA1 hash:	ff7a9cf559047c9b47df0f02041d7fe74a436e1c
MD5 hash:	504426b321ccf68e52f7d17485fc55ef
humanhash:	dakota-leopard-tango-jig
File name:	SERIA0900800.LZH
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	282'819 bytes
First seen:	2021-02-05 16:37:56 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	6144:KyPiNUtr+XzT8BddS54/lFysTuO0dX8vGqhGfPVUmsv:/PiNg0v8Bddw0OsqtVlPIv
TLSH	9854235C1442CF816F172963D047594568CFAF502D39E8A2BAEA88979EC23DF307F897
Reporter	abuse_ch
Tags:	lzh

abuse_ch

Malspam distributing unidentified malware:

HELO: hosted-by.rootlayer.net
Sending IP: 45.137.22.52
From: accounting@abkcoal.com
Subject: Purchase Order5/02/21
Attachment: SERIA0900800.LZH (contains "SERIA0900800.exe")

Intelligence

File Origin

# of uploads :

1

# of downloads :

105

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.Inject4.6999.22033.7576.UNOFFICIAL

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/cc9dc325264042bc96e205b1e6e2a21ee7fb23e477578eace75154bb4405d3a1/

Threat name:

ByteCode-MSIL.Trojan.SnakeKeylogger

Status:

Malicious

First seen:

2021-02-05 01:38:25 UTC

AV detection:

31 of 47 (65.96%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zso4gjjgibblzfxcawy6nyvcd3t7wi7eo5ly5lhhkfklwraf2oqq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Kryptik

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/cc9dc325264042bc96e205b1e6e2a21ee7fb23e477578eace75154bb4405d3a1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip cc9dc325264042bc96e205b1e6e2a21ee7fb23e477578eace75154bb4405d3a1

(this sample)

exe 1308341da137735df2977aafb036ee3060bc1027f9ac9938c5a128cf422fa5d7

Dropping

MD5 d35cd59ff4c7564646665cbce5be4851

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 1308341da137735df2977aafb036ee3060bc1027f9ac9938c5a128cf422fa5d7

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample