MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d74cc5fdd69d061859f880fdbf426925abb62f09cdf34c5af8e93bda9fb62da3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 7



SHA256 hash: d74cc5fdd69d061859f880fdbf426925abb62f09cdf34c5af8e93bda9fb62da3
SHA3-384 hash: 6c2a70fbede28ca764e22a92237b47cf62946bf81515d776ef8af95b5eae704ad88ce4217f0b99fe726907ce7ff24941
SHA1 hash: 0ee107031b192db05109c4e07929b334b1392e6f
MD5 hash: 23a799703619849b69d096a73c082120
humanhash: winner-july-beer-grey
File name: 11585 INQ.docx.cab
Signature: SnakeKeylogger
File size: 12'401 bytes
First seen: 2022-05-06 05:00:07 UTC
Last seen: 2022-05-07 06:56:55 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 384:wOLTe2RAEdr6ID1qpRVAWgCUI2MMZCPARcTg:w6TvGO6II+LJcPARyg
TLSH: T1EA42B0DBA396DB125E02EDD7C7ADE49200256DB05F50CF0DF29B64E00C98C66E1E4AE5
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter: cocaman
Tags: cab rar SnakeKeylogger


cocaman
Malicious email (T1566.001)
From: "Synergy Sales <sales@syindt.com>" (likely spoofed)
Received: "from syindt.com (unknown [2.56.59.155]) "
Date: "06 May 2022 23:02:25 -0700"
Subject: "INQUIRY-11585"
Attachment: "11585 INQ.docx.cab"

Intelligence


File Origin
# of uploads: 3
# of downloads: 197
Origin country: n/a
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: control.exe obfuscated packed

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Trojan.SnakeKeylogger
Status: Malicious
First seen: 2022-05-04 13:49:13 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 20 of 42 (47.62%)
Threat level: 5/5

Result
Malware family: snakekeylogger
Score: 10/10
Tags: family:snakekeylogger collection keylogger stealer
Behaviour
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Checks computer location settings
Snake Keylogger
Snake Keylogger Payload
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

rar d74cc5fdd69d061859f880fdbf426925abb62f09cdf34c5af8e93bda9fb62da3 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: SnakeKeylogger
