MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e7488c44d2b9f78f7c5e96126798220cbc3a7faf749beab4b8545207a73ce0d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 10


Intelligence 10 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e7488c44d2b9f78f7c5e96126798220cbc3a7faf749beab4b8545207a73ce0d1
SHA3-384 hash: 60f5bf5da931868cb6e231654701acc45d8e88e23dfae7f0a95b02e51065394517603f418845e5c60e61b14f29175d28
SHA1 hash: 27aa313a64ff37d6c31bd1a0a9953f00a48b3408
MD5 hash: facd1c07ffcfb16de518d0c977814d92
humanhash: lactose-lemon-uniform-beer
File name:whesilox.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:732'160 bytes
First seen:2021-07-22 12:39:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:JIZRPc5/wTDrYpFibSlbUVU1tBvzDAo2Sq1oXsxyaUVKnp:75ITDYFimlm+tBbMo2SqPMahp
Threatray 328 similar samples on MalwareBazaar
TLSH T102F4CE35F227A708DCB4C3FB1858925167B9BCE8B219C7396E58B1F878736782AD1710
Reporter malwarelabnet
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
126
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Order _ 08201450.doc
Verdict:
Malicious activity
Analysis date:
2021-07-22 12:04:20 UTC
Tags:
exploit CVE-2017-11882 loader
Link:
https://app.any.run/tasks/2cc1d4e4-fbae-41f1-b889-e389d234a6b3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Snake
Create hunting rule
Link:
https://www.capesandbox.com/analysis/173315/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.935-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Snake Keylogger
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c28dd738-e256-435d-9734-9c2f8d6c57f3
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/820112
Signature
.NET source code references suspicious native API functions
Found malware configuration
Injects a PE file into a foreign processes
Malicious sample detected (through community Yara rule)
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Yara detected Snake Keylogger
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e7488c44d2b9f78f7c5e96126798220cbc3a7faf749beab4b8545207a73ce0d1/
Threat name:
ByteCode-MSIL.Trojan.Taskun
Create hunting rule
Status:
Malicious
First seen:
2021-07-22 09:58:35 UTC
File Type:
PE (.Net Exe)
Extracted files:
15
AV detection:
18 of 28 (64.29%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
3de2043d5dc6aa1879f040d9c69e905424acabe29ac4162752bbf57f83ae58a6
SnakeKeylogger
578aa3607cb34fde024d099b916e61c0a767d952312a2e8c9276f3167a65ad14
SnakeKeylogger
69950e3903237ab9d6441a23af192268cf49da8e1034f77990833a60738090a6
SnakeKeylogger
ad060fffb69419f682cc68d3aa4034b04466c11228bd7e93b6c43755e0a237e3
SnakeKeylogger
b5e1daebfb2aa234328dc9776a1ecc77dd2726a7709c353c0265d8b1f4803f1c
SnakeKeylogger
b9acd58a25a9493713c0b5a3be62db4338de550aad1b23054d4be3de0c1b0c46
SnakeKeylogger
c39703a0644e67f2c3486446350a71c559d3f35414df73dbcde3fb731948eb2f
SnakeKeylogger
c4e1ba047b2fa0d07de6a124e882025489d5ff95e2a2cef31c4526199636f3cd
SnakeKeylogger
dc5458e66a8c76f55a5f490f5c9d12ea6e92a67c6ed74dbe40ca066a149d1659
SnakeKeylogger
e0c5194ec5dd17f0a5f77c156e99deafdee0c6e25b5c54c4bedc7bc5420f3a1d
SnakeKeylogger
+ 318 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger keylogger spyware stealer
Link:
https://tria.ge/reports/210722-s3b195t3rx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Unpacked files
SH256 hash:
83d9e44d9a311ea6fdbcbd09fdc816a2067806dcacf24beb5ee786191b1a3ea1
MD5 hash:
b1a7b752b6638ee03cffe5a1dde9213e
SHA1 hash:
52d215a173d2f293990f8c12fc7f4a86330a29cb
Link:
https://www.unpac.me/results/023fa4dc-7dca-4672-8e87-d8ed252ed5a0/
SH256 hash:
24c8fdab42c7454ec0d1f9dc61e55fa1c5aaa62ff17ebac4712b2ca507acf82d
MD5 hash:
fcaafb5cda0d879a2654cd767821c0fc
SHA1 hash:
610176016942d76d1e2835683270edcdf936ec9d
Link:
https://www.unpac.me/results/023fa4dc-7dca-4672-8e87-d8ed252ed5a0/
SH256 hash:
42aca6eadbe444a7999d2b2d40d043e37608cf3150a5207c0b5851c32b65718d
MD5 hash:
e4f3603500f565c3e01460385064a4b7
SHA1 hash:
72230103bfcce71321e09e9538ea6232434aeba6
Link:
https://www.unpac.me/results/023fa4dc-7dca-4672-8e87-d8ed252ed5a0/
SH256 hash:
4d6059bed77ebadb70092bd7a51de904ebb17ac822e22a08ee4c09352ae1e1c2
MD5 hash:
b0e4b1137e65d45c44f2a11575569aec
SHA1 hash:
d15be341c460239832bfae095e37850bd97015ce
Link:
https://www.unpac.me/results/023fa4dc-7dca-4672-8e87-d8ed252ed5a0/
SH256 hash:
e7488c44d2b9f78f7c5e96126798220cbc3a7faf749beab4b8545207a73ce0d1
MD5 hash:
facd1c07ffcfb16de518d0c977814d92
SHA1 hash:
27aa313a64ff37d6c31bd1a0a9953f00a48b3408
Link:
https://www.unpac.me/results/023fa4dc-7dca-4672-8e87-d8ed252ed5a0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/e7488c44d2b9f78f7c5e96126798220cbc3a7faf749beab4b8545207a73ce0d1

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SnakeKeylogger

Executable exe e7488c44d2b9f78f7c5e96126798220cbc3a7faf749beab4b8545207a73ce0d1

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/173315/
  
URLhaus
https://urlhaus.abuse.ch/url/1473381/
  
Delivery method
Distributed via web download

Comments