MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cdd356099d91af3103f63eee04c67721075a81d3c5fd8a9ff73c4ab8dcc7473e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 4



SHA256 hash: cdd356099d91af3103f63eee04c67721075a81d3c5fd8a9ff73c4ab8dcc7473e
SHA3-384 hash: 4cabb77804cc5d7d76486328d7da26571195f3e09e129e907ec4168e26a86120173aaf1c73e8cb33386e688e31f6edce
SHA1 hash: 726f4d11d295c10ea406ad1017101685daf521ed
MD5 hash: 2b00c34e5f971ed2e9058e3641cbfb59
humanhash: stairway-pluto-carpet-hawaii
File name: Invoice.r00
Signature: SnakeKeylogger
File size: 660'221 bytes
First seen: 2021-06-22 11:37:28 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 12288:ZfPtIAcTNDJYeIo3fwUZBi4BhokRn/hnFJ4YjcCVRv9Cpl:ZfPtIAcFJYeIowiBi4wkRn/hF+CVt9Cv
TLSH: 20E423D2530FDD88883938B8F16632979A5DFE33D22BC396623F1254DF69465E06708B
Reporter: cocaman
Tags: INVOICE r00 SnakeKeylogger


cocaman
Malicious email (T1566.001)
From: "Mohannad Anis Azem (Admin Dept) <Mohannad.Azem@dib.ae>" (likely spoofed)
Received: "from dib.ae (unknown [185.222.57.171]) "
Date: "22 Jun 2021 04:08:39 -0700"
Subject: "Reconfirm Invoice"
Attachment: "Invoice.r00"

Intelligence


File Origin
# of uploads: 1
# of downloads: 105
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-06-22 08:52:35 UTC
File Type: Binary (Archive)
Extracted files: 34
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

r00 cdd356099d91af3103f63eee04c67721075a81d3c5fd8a9ff73c4ab8dcc7473e (this sample)

Delivery method: Distributed via e-mail attachment
