MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d505ede300f913499d3a5709f80b8ab6266c631f72f2b74a13f18d2fa9337248. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 9

Intelligence 9 IOCs YARA 4 File information Comments

SHA256 hash:	d505ede300f913499d3a5709f80b8ab6266c631f72f2b74a13f18d2fa9337248
SHA3-384 hash:	144bbcc82c2da687fd2f74b00b0c6ae8b536984cc952dfe8044d025ce7812ca3550e8b36d22171f7fb683d993e7282ef
SHA1 hash:	2940168a28b5b2c00367488ed32e9d60ac63e9a5
MD5 hash:	b66ddcdf7686147641840fb5740c8922
humanhash:	louisiana-early-football-timing
File name:	New Offer.exe
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	911'872 bytes
First seen:	2021-04-29 13:50:43 UTC
Last seen:	2021-04-29 16:47:31 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'665 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep	12288:77/MGw/RAjUclCw5X/1uQuqlSXsPYS2lGtjLnNdYxw0XK7Z9ZLS2oaLSY:n7iAgcPoLXZJQphdewt7Z9ZLXoaLt
Threatray	12 similar samples on MalwareBazaar
TLSH	2D15022733D49A55E07E1BF918B0818153F4BC427A22D31D7E99236E0FB2BD18B67392
Reporter	TeamDreier
Tags:	SnakeKeylogger

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

New Offer.exe

Verdict:

Malicious activity

Analysis date:

2021-04-29 14:45:22 UTC

Tags:

evasion trojan snakekeylogger keylogger

Link:

https://app.any.run/tasks/c7c80134-18ca-42e9-9774-c9e50382ee3e

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Snake

Link:

https://www.capesandbox.com/analysis/146725/

Detection(s):

SecuriteInfo.com.Trojan.PackedNET.688-1.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d505ede300f913499d3a5709f80b8ab6266c631f72f2b74a13f18d2fa9337248/

Threat name:

ByteCode-MSIL.Infostealer.Coins

Status:

Malicious

First seen:

2021-04-29 13:53:31 UTC

AV detection:

3 of 47 (6.38%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=2uc63yya7ejuthj2k4e7qc4kwytgyyy7olzlosqt6ggs7kjtojea._file

Verdict:

unknown

SnakeKeylogger

38a28c23a06bd4d76b939f80a9d771869474f6570c1879da4ba7b6561efb5f11

SnakeKeylogger

5ec1e61f1b16385377817460f00e7efc8cdb2d45b625a165f4d62bab276b0d53

SnakeKeylogger

6dc5759e0f8a3b5c7da77d3057152b5142ce784265a9cdc6b97d8a7d34bc2cfd

SnakeKeylogger

715d46c6e11ff294b36319090f36cc5b6efbf3a3ebd6c03395144b3c6f501606

SnakeKeylogger

8a8277aacb3fe8501802b00b3cf5d674776f4050c9caf0fcbbaa977b48966215

SnakeKeylogger

982f78486c92d9a057765b69ff096bbaed9a0b8ef5e0e320f7d9c465f82575be

SnakeKeylogger

9ea4a4a25a5cda6ab988055c5172dc2993acc05dcb480f9007d52b188b7d44c7

SnakeKeylogger

b40ad65591265e4e41072960963f3c4471b009dd8cd24972bee44dbaadaf1b0f

SnakeKeylogger

dbb97dbd46f947a190a1fe6d12ad7e959242a52832d0b402beea30e52ea76ef1

SnakeKeylogger

+ 2 additional samples on MalwareBazaar

Result

Malware family:

snakekeylogger

Score:

10/10

Tags:

family:snakekeylogger keylogger spyware stealer

Link:

https://tria.ge/reports/210429-aae85t8aan/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Looks up external IP address via web service

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Snake Keylogger

Snake Keylogger Payload

Unpacked files

SH256 hash:

11cf5a51e593c007ff4f91294cf505ffd5e425e56387c60d81e6479cc284cc3b

MD5 hash:

73cc3f7e7700e6a54cb5f291dffe5aa1

SHA1 hash:

09174f9fa55c9bac0540efb7a8c682878a32d02d

Link:

https://www.unpac.me/results/0e8ca6a4-ab71-4cca-86aa-398e55678e2b/

SH256 hash:

d505ede300f913499d3a5709f80b8ab6266c631f72f2b74a13f18d2fa9337248

MD5 hash:

b66ddcdf7686147641840fb5740c8922

SHA1 hash:

2940168a28b5b2c00367488ed32e9d60ac63e9a5

Link:

https://www.unpac.me/results/0e8ca6a4-ab71-4cca-86aa-398e55678e2b/

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector Create hunting rule
Author:	ditekSHen
Description:	Detects executables packed with ConfuserEx Mod Beds Protector

Rule name:	INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFu Create hunting rule
Author:	ditekSHen
Description:	Detect executables with stomped PE compilation timestamp that is greater than local current time

Rule name:	Keylog_bin_mem Create hunting rule
Author:	James_inthe_box
Description:	Contains Keylog

Rule name:	MALWARE_Win_SnakeKeylogger Create hunting rule
Author:	ditekSHen
Description:	Detects Snake Keylogger

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/146725/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample