MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eec0c1a34f078642a001b1c3611159446d65586cc7f502780c005e4398c6298b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eec0c1a34f078642a001b1c3611159446d65586cc7f502780c005e4398c6298b
SHA3-384 hash: 070d6ab16ac14b9af0d1fadcdf2876fc7dd7edbb2e1135ab29b0ca24735920083f22b432327bb2ec573ae7c423bc2f04
SHA1 hash: 10e401141ac5a99abcbbe9516764b20d3c97f31d
MD5 hash: 501660f2310efb40ca77a981044c61f5
humanhash: saturn-sad-lactose-victor
File name:Purchase Order.LZH
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:692'266 bytes
First seen:2021-06-28 11:05:43 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:3xfRE2akLR75t3lpEgAQ67NgC/hNovxc5h3fgQg8sOk4xUfn:3lRE2akT/N67/hCvx+PgysOM
TLSH A5E4231C89B5D9DFAEC2F13C40DCC2956023E1AD7B4AED62817AD91369AD61EDC0CC89
Reporter cocaman
Tags:lzh rar SnakeKeylogger


Avatar
cocaman
Malicious email (T1566.001)
From: "USMAN <noreply@domain-admin.com>" (likely spoofed)
Received: "from domain-admin.com (unknown [46.183.220.10]) "
Date: "28 Jun 2021 13:16:34 +0300"
Subject: "RE: Purchase Order"
Attachment: "Purchase Order.LZH"

Intelligence

File Origin
# of uploads :
1
# of downloads :
141
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/eec0c1a34f078642a001b1c3611159446d65586cc7f502780c005e4398c6298b/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-06-28 11:06:31 UTC
File Type:
Binary (Archive)
Extracted files:
31
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=53amdi2pa6defiabwhbwcekzirwwkwdmy72qe6amabpehgggfgfq._file
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger evasion keylogger spyware stealer
Link:
https://tria.ge/reports/210628-8jja3hjch2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Looks up external IP address via web service
Maps connected drives based on registry
Checks BIOS information in registry
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Looks for VMWare Tools registry key
Looks for VirtualBox Guest Additions in registry
Snake Keylogger
Snake Keylogger Payload
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/eec0c1a34f078642a001b1c3611159446d65586cc7f502780c005e4398c6298b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

rar eec0c1a34f078642a001b1c3611159446d65586cc7f502780c005e4398c6298b

(this sample)

SnakeKeylogger

Executable exe b4f24bab25dad894baf946a1f35664f1e9c1906d84d770c42d42397620191335

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b4f24bab25dad894baf946a1f35664f1e9c1906d84d770c42d42397620191335

Comments