MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce19714fd8b8b9cb4f76411015264d61db6d9ffd534676df96627a3f06f75250. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 15

Intelligence 15 IOCs YARA 4 File information Comments

SHA256 hash:	ce19714fd8b8b9cb4f76411015264d61db6d9ffd534676df96627a3f06f75250
SHA3-384 hash:	532678f54f8351a3446381cc9c0ea5045ba6231ca30e320e3b1e14123f7ce313e666ef3f21ecd9d53e844ac6fdf9be3c
SHA1 hash:	808c5dfe3332beef56946e71c12e9aef8b261fd9
MD5 hash:	cd3b89d70c6c3e69ef61043203971251
humanhash:	xray-lemon-item-fanta
File name:	SecuriteInfo.com.Win32.KeyloggerX-gen.30924.10218
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	854'016 bytes
First seen:	2023-11-17 04:19:25 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep	12288:nWuNuRe74QslMSwe5z/zAKkfGvu4TmCx21vqbBtM9ij23DFgx:NkISMM5b0KmE21vqbtj23DFgx
Threatray	5'875 similar samples on MalwareBazaar
TLSH	T17D05E0A632244F7BD27A01F591011D8087F26E2664BEDBC1ECC664FBB6C6FD616205B3
TrID	71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 10.2% (.EXE) Win64 Executable (generic) (10523/12/4) 6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.3% (.EXE) Win32 Executable (generic) (4505/5/1) 2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter	SecuriteInfoCom
Tags:	exe SnakeKeylogger

Intelligence

File Origin

# of uploads :

# of downloads :

405

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/458901/

Detection(s):

SecuriteInfo.com.Win32.KeyloggerX-gen.30924.10218.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a custom TCP request

Unauthorized injection to a recently created process

Restart of the analyzed sample

Creating a file

Сreating synchronization primitives

DNS request

Sending an HTTP GET request

Reading critical registry keys

Forced shutdown of a browser

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/6556e9f23f56544041fa0fc0/reports/a8113450-b7af-43c3-a3aa-19cc713e8b4a/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/ce19714fd8b8b9cb4f76411015264d61db6d9ffd534676df96627a3f06f75250

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Snake Keylogger

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/28f4691e-8f35-4447-80f4-15742a900af1

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/ce19714fd8b8b9cb4f76411015264d61db6d9ffd534676df96627a3f06f75250

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ce19714fd8b8b9cb4f76411015264d61db6d9ffd534676df96627a3f06f75250/

Threat name:

Win32.Trojan.Generic

Status:

Malicious

First seen:

2023-11-17 02:33:18 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

8 of 38 (21.05%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zymxct6yxc44wt3wieibkjsnmhnw3h75kndhnx4wmj5d6bxxkjia._file

Verdict:

malicious

Label(s):

agenttesla

SnakeKeylogger

6af326333d060286daaf29227b41f2afb25c43f072571a096c504c84e61749d3

SnakeKeylogger

7b80af0eb67ef03700b1aa95e8e25ec0b9f4debd4dc0f9276eac46f9120c6e73

SnakeKeylogger

861560fab6adef6b87a9ca272f91f8979bc28e85f120a390dadad92bccf77996

SnakeKeylogger

d408028effc2b11fa534f39e69c131a8342d1a8d40c42cadb0c4c019c3469b5c

SnakeKeylogger

da46c2f32055b74582d0ba99db21973c6e011ccbdba451ebf237f10e30401fe6

SnakeKeylogger

e3a38aeddcd6a3526af9adc0778d9c329cacbd2792969ca56556634609170207

SnakeKeylogger

fffc596389cada3bd1e1d1659029e607e14320cbdd126de7fdbe33b99f9c59d7

SnakeKeylogger

+ 5'865 additional samples on MalwareBazaar

Result

Malware family:

snakekeylogger

Score:

10/10

Tags:

family:snakekeylogger collection keylogger spyware stealer

Link:

https://tria.ge/reports/231117-ex3ybsfh81/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Suspicious use of SetThreadContext

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Snake Keylogger

Snake Keylogger payload

Unpacked files

SH256 hash:

2dfbc4bc587bb4f379b31dcb6f1f1306d2d02ae9835253f8bc9196bcab0c54a1

MD5 hash:

f3c83d9986f8eecc65a2f84c3353c855

SHA1 hash:

f870abf3e7804c47a687007664005095174e9b5a

Link:

https://www.unpac.me/results/a87e5c01-f25b-4dfe-b343-9d754c3ea71a/

SH256 hash:

d01f3dea3851602ba5a0586c60430d286adf6fcc7e17aab080601a66630606e5

MD5 hash:

579197d4f760148a9482d1ebde113259

SHA1 hash:

cf6924eb360c7e5a117323bebcb6ee02d2aec86d

Link:

https://www.unpac.me/results/a87e5c01-f25b-4dfe-b343-9d754c3ea71a/

SH256 hash:

76482f1dc9b0639dd6b2d762e09101875e207e8c60e146a43ca182a4c13d6afa

MD5 hash:

9561bc00330bfa400784c1b3b2075d0b

SHA1 hash:

b98f0014f428085dea5ea44108d64d9119e3d698

Link:

https://www.unpac.me/results/a87e5c01-f25b-4dfe-b343-9d754c3ea71a/

SH256 hash:

ec99d66ab920eb6fc4f31b13976127dd859ab6a991392b37e8e508d170feb0c5

MD5 hash:

e8d44152133f17ffadc07f1b12abba2c

SHA1 hash:

2c355b0d5b17f410632b391408764fbe028fdefe

Detections:

snake_keylogger

win_404keylogger_g1

MAL_Envrial_Jan18_1

MALWARE_Win_SnakeKeylogger

INDICATOR_SUSPICIOUS_EXE_TelegramChatBot

INDICATOR_SUSPICIOUS_EXE_DotNetProcHook

INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients

INDICATOR_SUSPICIOUS_Binary_References_Browsers

Link:

https://www.unpac.me/results/a87e5c01-f25b-4dfe-b343-9d754c3ea71a/

SH256 hash:

ce19714fd8b8b9cb4f76411015264d61db6d9ffd534676df96627a3f06f75250

MD5 hash:

cd3b89d70c6c3e69ef61043203971251

SHA1 hash:

808c5dfe3332beef56946e71c12e9aef8b261fd9

Link:

https://www.unpac.me/results/a87e5c01-f25b-4dfe-b343-9d754c3ea71a/

Malware family:

SnakeKeylogger

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/ce19714fd8b8/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/ce19714fd8b8b9cb4f76411015264d61db6d9ffd534676df96627a3f06f75250

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	NETexecutableMicrosoft Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/458901/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample