MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d189b6f2cb0ed79c79e57951edb069ce77501f357e8078470752f82789ccc9cc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d189b6f2cb0ed79c79e57951edb069ce77501f357e8078470752f82789ccc9cc
SHA3-384 hash: cc17fa7fbc652ebab1b37c94350eaf27a9c9b2d2b6ddff0dc8e239b7f90d1ae2c2101379dfa2ce436fb6d227af6edf51
SHA1 hash: c3bea2c8c5ebcfedbfd115bbdd1a079b232722b7
MD5 hash: 38c2a9d5567755dea34e0221599135ec
humanhash: montana-foxtrot-social-skylark
File name:Quotation.pdf.z
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:1'008'486 bytes
First seen:2023-06-07 12:17:28 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 24576:45kNqR0u5fzZf1YrM/lBrZqeOvBQWovGIBFrgxs5r:BNzuhN1YI/l1ZqeOvto8xsF
TLSH T14B2533448E270276D8473AA26C141DCAF374732D2DC149DCC6F77DAF27CC7282A6A19A
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:QUOTATION SnakeKeylogger z


Avatar
cocaman
Malicious email (T1566.001)
From: "Nazmul Ahbar <nazmul@jistgroup.com.bd>" (likely spoofed)
Received: "from jistgroup.com.bd (unknown [109.237.98.164]) "
Date: "2 Jun 2023 12:34:28 -0700"
Subject: "Quotation"
Attachment: "Quotation.pdf.z"

Intelligence

File Origin
# of uploads :
1
# of downloads :
103
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:Quotation.exe
File size:1'101'824 bytes
SHA256 hash: c33a4a01c095a0f649625c0af1a6a204fcdad3c75330865210f0d1aad01529a6
MD5 hash: a98c5098d724b942f79a9b26c1f647f7
MIME type:application/x-dosexec
Signature SnakeKeylogger
Vendor Threat Intelligence
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/6480757bc006100638b63972/reports/500e40df-9041-46bc-b526-f91c44692587/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/d189b6f2cb0ed79c79e57951edb069ce77501f357e8078470752f82789ccc9cc
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d189b6f2cb0ed79c79e57951edb069ce77501f357e8078470752f82789ccc9cc/
Threat name:
Win32.Trojan.Leonem
Create hunting rule
Status:
Malicious
First seen:
2023-06-02 11:16:15 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
16 of 24 (66.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2ge3n4wlb3lzy6pfpfi63mdjzz3vahzvp2ahqryhkl4cpcomzhga._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.87
Link:
https://yomi.yoroi.company/submissions/d189b6f2cb0ed79c79e57951edb069ce77501f357e8078470752f82789ccc9cc

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

z d189b6f2cb0ed79c79e57951edb069ce77501f357e8078470752f82789ccc9cc

(this sample)

SnakeKeylogger

Executable exe c33a4a01c095a0f649625c0af1a6a204fcdad3c75330865210f0d1aad01529a6

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c33a4a01c095a0f649625c0af1a6a204fcdad3c75330865210f0d1aad01529a6
  
Dropping
SnakeKeylogger

Comments