MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ccfd2e52d7693a9a264087193f88aa3b17c3c047e18636aad76c5f81a0c5ae3b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 5



SHA256 hash: ccfd2e52d7693a9a264087193f88aa3b17c3c047e18636aad76c5f81a0c5ae3b
SHA3-384 hash: 9bc76f81709708b23e611ab767a854b9fca5902ebae029156f2ef029fb46a6f55728abfe04c893176831cfca9af2c34e
SHA1 hash: 9244d3c776786b177ae1c4beb1b8304ebdfde405
MD5 hash: 49f21c316afb5b6cb10c0618ff10ef1b
humanhash: georgia-thirteen-oscar-muppet
File name: Document.gz
Signature: SnakeKeylogger
File size: 905'200 bytes
First seen: 2021-02-03 08:03:45 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 24576:dDF6OSOuX/I655aLIhlRk+TyFU+CJ+T2ulvhsAfXPB:dDF6O1uvgshjkralA2CT/B
TLSH: A1153310D370F6FE3B168B9F77292750F9587485E08A3218879EABD343B5822B1B15ED
Reporter: abuse_ch
Tags: gz


abuse_ch
Malspam distributing unidentified malware:

HELO: barracuda3.batan.go.id
Sending IP: 223.25.97.93
From: Bangkok Bank Plc <ccmsservice@bbl.co.th>
Subject: Inquiry- WEGO CONTRACTING LLC
Attachment: Document.gz (contains "Document.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 115
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-03 08:04:11 UTC
AV detection: 13 of 45 (28.89%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
SnakeKeylogger
gz ccfd2e52d7693a9a264087193f88aa3b17c3c047e18636aad76c5f81a0c5ae3b (this sample)

Delivery method: Distributed via e-mail attachment
