MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d81578cd33b2913ad0e2333142cc7f65f28ebeb03d734540b24f5cb422bcdc9b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SnakeKeylogger


Vendor detections: 5



SHA256 hash: d81578cd33b2913ad0e2333142cc7f65f28ebeb03d734540b24f5cb422bcdc9b
SHA3-384 hash: 751bec22fe7018e2fc42391cf4aded6bf52252d0b41814a4e1ab4b91233ea1e925322fccfd875b61d30316d296c3695e
SHA1 hash: bbaeb07155a7e01ef4f75d149ed11fcf55ea799b
MD5 hash: 6daadb28cdf07e32890d071fe04cdf95
humanhash: gee-one-echo-social
File name: SNA09009000.UUE
Signature: SnakeKeylogger
File size: 295'011 bytes
First seen: 2021-02-12 09:11:06 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:7lUv0ne+LiglNzwHhZg6fwfHN+1HDLa2r2ttLykshi1tYSlJLIu:Wvee+HlChq6fSM13a2r2tteBi1t9lyu
TLSH: 1A542317A8D763DA8168C5C43BEB807E70A8646CC3524D9D4BF3385702CC6B72D86FA6
Reporter: abuse_ch
Tags: geo SnakeKeylogger TUR uue


abuse_ch
Malspam distributing SnakeKeylogger:

HELO: hosted-by.rootlayer.net
Sending IP: 45.137.22.107
From: ekstre@eekstre.qnbfinansbank.com
Subject: CardFinans KOBİ Visa Ocak ayı ekstreniz
Attachment: SNA09009000.UUE (contains "SNA09009000.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 139
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details:
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Infostealer.Stelega
Status: Malicious
First seen: 2021-02-12 10:56:42 UTC
AV detection: 9 of 47 (19.15%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

zip d81578cd33b2913ad0e2333142cc7f65f28ebeb03d734540b24f5cb422bcdc9b (this sample)

Dropping: SnakeKeylogger
Delivery method: Distributed via e-mail attachment

Comments