MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d4373d9ad0fdd30a20fc7a01f266a6db3279a85c0c7cb8214dea7bf9a21bd4cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d4373d9ad0fdd30a20fc7a01f266a6db3279a85c0c7cb8214dea7bf9a21bd4cf
SHA3-384 hash: 0c185c2068877e135fea0d75e6bb4d7f09120999032185b074c52b54c450aebe14b8674817eef3979cd1793294d5f026
SHA1 hash: 02a173d87d7f4d837e8e13957ab9317be4ba6371
MD5 hash: 17c088b92377c557f1383f440d1a4b3e
humanhash: pizza-foxtrot-green-may
File name:mLTQD.zIP
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:3'013 bytes
First seen:2022-07-26 06:46:11 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 48:9/1OeSFGjkd7hNZXEiAH1rKP8p2UDlQMeqjH2A4GXwSfykwCNve0D2PiSLY0:11AnHEi9pUD+GrrwCNveE2n
TLSH T11B515C7CEC1BE270E8681D38A1ACB060322D7D3D188C8E942909C5705B866F73C53ACE
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:INVOICE SnakeKeylogger zip


Avatar
cocaman
Malicious email (T1566.001)
From: "sinanozcelikk@gmail.com" (likely spoofed)
Received: "from head-called.naturescar.com (unknown [185.222.58.49]) "
Date: "26 Jul 2022 06:22:40 +0200"
Subject: "INVOICE DOCS REQUESTED MV OMSKIY-125"
Attachment: "mLTQD.zIP"

Intelligence

File Origin
# of uploads :
1
# of downloads :
193
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.W32.AIDetectNet.01.21209.12384.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/62df8e5fa2f481deb9693fdd/reports/56f0bfd0-9474-458b-9f61-726229323426/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/d4373d9ad0fdd30a20fc7a01f266a6db3279a85c0c7cb8214dea7bf9a21bd4cf
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d4373d9ad0fdd30a20fc7a01f266a6db3279a85c0c7cb8214dea7bf9a21bd4cf/
Threat name:
ByteCode-MSIL.Worm.Picsys
Create hunting rule
Status:
Malicious
First seen:
2022-07-26 06:47:06 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
13 of 26 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2q3t3gwq7xjquih4pia7ezvg3mzhtkc4br6lqikn5j57tiq32thq._file
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger collection keylogger spyware stealer
Link:
https://tria.ge/reports/220726-hj7k5sefck/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Downloads MZ/PE file
Snake Keylogger
Snake Keylogger payload
Malware Config
C2 Extraction:
https://api.telegram.org/bot5476629412:AAGbkcFsGq72YxKoGZjVmRBskss9nHikjMc/sendMessage?chat_id=5594190904
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/d4373d9ad0fdd30a20fc7a01f266a6db3279a85c0c7cb8214dea7bf9a21bd4cf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

zip d4373d9ad0fdd30a20fc7a01f266a6db3279a85c0c7cb8214dea7bf9a21bd4cf

(this sample)

SnakeKeylogger

Executable exe 657b739d214b81d4f6a3b5a5ea325b0ecc4fbef2e26a907175b4517924f56d30

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 657b739d214b81d4f6a3b5a5ea325b0ecc4fbef2e26a907175b4517924f56d30
  
Dropping
MD5 4934aa26c6b0551cd0023ab0b7b2ab45

Comments