MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d1d137d9e7498bfcc2d545b19f4ca50f0dd961b1f9372c4d8f55f7862fbe0346. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d1d137d9e7498bfcc2d545b19f4ca50f0dd961b1f9372c4d8f55f7862fbe0346
SHA3-384 hash: 74ecc884de09b73cf83c976361daf4278a24dbccc994030a0d77769f9f1f0f63e0e09c3a2dc02ef135555c09e18ded86
SHA1 hash: 660cb052f8217fcc005b40aadc3f892108effed2
MD5 hash: d591c93d31d80147e7369e0629b7565e
humanhash: earth-nevada-papa-magazine
File name:PRODUCT SPECIFICATION.7Z
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:13'054 bytes
First seen:2021-02-25 10:10:48 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 384:wTFxVe9T90xHkZcN6HrdMPGR5N9lDV9V5mCR/qTx:g5e6kq6ieRr9xzHR/qTx
TLSH A242C033A7C2DDC3E2C117AAF99C51652AE42B200599C02DFFFE7654701EC8D4D8D1A5
Reporter abuse_ch
Tags:7z SnakeKeylogger


Avatar
abuse_ch
Malspam distributing SnakeKeylogger:

HELO: coolermaster.com.tw
Sending IP: 45.133.116.243
From: Raffizas<sales@coolermaster.com.tw>
Subject: purchase order
Attachment: PRODUCT SPECIFICATION.7Z (contains "PRODUCT SPECIFICATION.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
107
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.9409.15439.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d1d137d9e7498bfcc2d545b19f4ca50f0dd961b1f9372c4d8f55f7862fbe0346/
Threat name:
ByteCode-MSIL.Downloader.BaseLoader
Create hunting rule
Status:
Malicious
First seen:
2021-02-25 10:11:10 UTC
AV detection:
7 of 47 (14.89%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2hitpwphjgf7zqwviwyz6tffb4g5synr7e3sytmpkx3yml56anda._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

7z d1d137d9e7498bfcc2d545b19f4ca50f0dd961b1f9372c4d8f55f7862fbe0346

(this sample)

SnakeKeylogger

Executable exe f4dcdf575d7c25bdba3e73ac2ff890b1103dcf43325b8876c5215204fcf7d1fb

  
Dropping
MD5 00fc5691b97003612a77a30ad7cb0f1c
  
Dropping
SnakeKeylogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f4dcdf575d7c25bdba3e73ac2ff890b1103dcf43325b8876c5215204fcf7d1fb

Comments