MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e7e6fa2315fdf9ce0c69d3c3963ca7ca78a0824434521d31bdc5cfb8b5f83586. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e7e6fa2315fdf9ce0c69d3c3963ca7ca78a0824434521d31bdc5cfb8b5f83586
SHA3-384 hash: b2291e5c29e7424bb209e29ecc766cb915a187cb1d927ca381fcd1e56da0e71cf517e809e6833529d15786f2760cfe64
SHA1 hash: eed99f7ce179cd830b10784bef004608d034a559
MD5 hash: 1810d5330f793e22d81f85e83997033e
humanhash: april-potato-glucose-washington
File name:Product Inquiry.rar
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:522'297 bytes
First seen:2022-04-29 07:46:24 UTC
Last seen:2022-04-29 10:57:50 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:QNnk7o3T1UPXse+5XmPIpVeoIBBZWHgZwFRRjMEQgH0:dET1+DcWPeVeZBjWAZ6bjMEf0
TLSH T1DEB4232F6023CB294507D925ADF6706A1FC158DC84AF6986CEBBB3329A974F4C01B817
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:rar SnakeKeylogger


Avatar
cocaman
Malicious email (T1566.001)
From: "inquiry@finicare.com" (likely spoofed)
Received: "from postfix-inbound-v2-5.inbound.mailchannels.net (inbound-egress-5.mailchannels.net [199.10.31.237]) "
Date: "25 Apr 2022 16:57:55 -0700"
Subject: "Product Inquiry"
Attachment: "Product Inquiry.rar"

Intelligence

File Origin
# of uploads :
3
# of downloads :
205
Origin country :
n/a
Vendor Threat Intelligence
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/626b9805a796b19348fad1ba/reports/6d30f588-d22c-424c-a3a9-f84d9ebb922f/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e7e6fa2315fdf9ce0c69d3c3963ca7ca78a0824434521d31bdc5cfb8b5f83586/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-04-23 12:44:55 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
20 of 42 (47.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=47tpuiyv7x444ddj2pbzmpfhzj4kbasegrjb2mn5yxh3rnpygwda._file
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger keylogger stealer
Link:
https://tria.ge/reports/220429-jmh8dseaep/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Looks up external IP address via web service
Snake Keylogger
Snake Keylogger Payload
Malware Config
C2 Extraction:
https://api.telegram.org/bot5203924745:AAHBwqsxtZT7w6GPVRJfGAHycmwHnSBWtlI/sendMessage?chat_id=5221788554
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/e7e6fa2315fdf9ce0c69d3c3963ca7ca78a0824434521d31bdc5cfb8b5f83586

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

rar e7e6fa2315fdf9ce0c69d3c3963ca7ca78a0824434521d31bdc5cfb8b5f83586

(this sample)

SnakeKeylogger

Executable exe 2decd21463b4da4aca846862ce5c77fc74ab89b6fdbcc9eb9727802b992a7a5b

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2decd21463b4da4aca846862ce5c77fc74ab89b6fdbcc9eb9727802b992a7a5b
  
Dropping
SnakeKeylogger

Comments