MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d04ae84089c0fe156f29001a3edc8e1dade35bc378aa9ba4657c9b07747215b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: SnakeKeylogger
Vendor detections: 3

SHA256 hash: d04ae84089c0fe156f29001a3edc8e1dade35bc378aa9ba4657c9b07747215b8
SHA3-384 hash: 5bf799105f72804015c20522676e4f16a69d4c1bfd63d423abfd2fbdd02e97ef607c083fd191ca28de69901dafcafabb
SHA1 hash: 5ca744675111a7943d7511b9c1dd6f8522a5a72e
MD5 hash: 380ab002c14d39103a803bf2b7b4d8cf
humanhash: mockingbird-crazy-eight-cup
File name: PURCHASE ORDER.GZ
Signature: SnakeKeylogger
File size: 553'411 bytes
First seen: 2021-02-21 07:19:41 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:N3teU/arDz13656ZECfsnNAVG49FqcO7e2uDU:br/i+6ZZqzq5bDU
TLSH: A4C423DEC6B1C24AFBEF533A43EC2670E9BF2141519865DA3BC5870C8392B4DC995C86
Reporter: abuse_ch
Tags: gz SnakeKeylogger


Reporter comment (abuse_ch):
Malspam distributing SnakeKeylogger:

HELO: vps.tecp0s.com
Sending IP: 203.159.80.121
From: office1@tecp0s.com
Subject: PURCHASE ORDER
Attachment: PURCHASE ORDER.GZ (contains "PURCHASE ORDER.exe")

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 184
Origin country: n/a

Vendor Threat Intelligence
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Infostealer.Stelega
Status: Malicious
First seen: 2021-02-21 07:20:10 UTC
AV detection: 8 of 47 (17.02%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: SnakeKeylogger
  gz d04ae84089c0fe156f29001a3edc8e1dade35bc378aa9ba4657c9b07747215b8 (this sample)
Dropping: SnakeKeylogger
Delivery method: Distributed via e-mail attachment