MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 edcc4c2888b2efd98c5bbcc069e24a2762203029bc22a314596534482c262132. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: edcc4c2888b2efd98c5bbcc069e24a2762203029bc22a314596534482c262132
SHA3-384 hash: 1079a3fa0cd0d5a119e279d0a5cfd5d1d3976aed135ab34eefdeb98099d16291e6b143177c241c3eb7b06015419ae3c5
SHA1 hash: 83ef00a4e9354575c6e345c05d348306746cbb34
MD5 hash: aedfc2dcfb41241e9b90aac3ca98de56
humanhash: floor-fourteen-king-happy
File name:New order.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:822'272 bytes
First seen:2021-05-14 10:52:44 UTC
Last seen:2021-05-14 12:17:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'662 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:Tl0oA2svl1ZH8J+PNY5kXvuwW889rKOG+0i/ka3JvI:T6201Zc4VWkXJpu+F+0Cka3C
Threatray 879 similar samples on MalwareBazaar
TLSH BB057DA0F298DCE9D41713B9887AEC21116BAF5DA4B5C51D342F752A6BB334320A7D0F
Reporter cocaman
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
3
# of downloads :
111
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Snake
Create hunting rule
Link:
https://www.capesandbox.com/analysis/156530/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/781756
Signature
Found malware configuration
Initial sample is a PE file and has a suspicious name
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AntiVM3
Yara detected Beds Obfuscator
Yara detected Snake Keylogger
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/edcc4c2888b2efd98c5bbcc069e24a2762203029bc22a314596534482c262132/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-05-14 08:34:07 UTC
File Type:
PE (.Net Exe)
Extracted files:
24
AV detection:
22 of 47 (46.81%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5xgeykeiwlx5tdc3xtagtyske5rcambjxqrkgfczmu2eqlbgeeza._file
Verdict:
unknown
Similar samples:
4a0f2f1f14fc6444a79ce4d326f75a43cef11c46b1e7f594cf434ae26ad40dcb
SnakeKeylogger
6c19d7e749c5fb3b7dee5906be8a944b52352ccaf7fc4970caf58769988874f6
SnakeKeylogger
6c904d31705b726f227f61ea73b869fe7f8114a6d5888cae22094fd8f820f85d
SnakeKeylogger
bb64699a96c8015e7ef65276ab3c560042c093dc7e404548228fdaa06fdad07c
SnakeKeylogger
c5105375437a69ac2d05920a26fd126a75a4df6678be884a81ee8577e49ed42f
SnakeKeylogger
c7947f14a38b0fe33bdacd38693de50743ec08f8017663e634275950e8c0157b
SnakeKeylogger
ddc64dc3287add1737eae52570ef7bd03ffd7d0f688f3595df3f98d8a7bab864
SnakeKeylogger
e201cd6bbb02f0dd4fdc1720250299e0ca0179cdef855f67dcb9ef71eae80abc
SnakeKeylogger
f0200d5d2fa011e58f5704164a2f0b1bb47efe3fbb9f2df38a0d4521709af10d
SnakeKeylogger
f7074c7a3dfa9ab96cef330e5b13b64691f2e8844098928c8370da0f412b95a6
SnakeKeylogger
+ 869 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger keylogger spyware stealer
Link:
https://tria.ge/reports/210514-n8vd36m562/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger Payload
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

zip bd65db42d9215064c539109f823daef013e66299ae60584cbf658ffa3fc686d1

SnakeKeylogger

Executable exe edcc4c2888b2efd98c5bbcc069e24a2762203029bc22a314596534482c262132

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 bd65db42d9215064c539109f823daef013e66299ae60584cbf658ffa3fc686d1
Cape
Cape
https://www.capesandbox.com/analysis/156530/

Comments