MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f25c3db292a2970e0f9e4017f82b6089d8aa5c2c78377fb27922c88a82be74e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	f25c3db292a2970e0f9e4017f82b6089d8aa5c2c78377fb27922c88a82be74e2
SHA3-384 hash:	3567fea772ac157f68a8560e415d43f973e74938766ca8d96f28330db0440e01d31b7623d79b039685e499cccae28542
SHA1 hash:	b48d8fbcde1165758d96e80c0fe74575c9fc21c4
MD5 hash:	6960d28f3c84b4257420cfddb2c75833
humanhash:	mexico-yankee-magnesium-princess
File name:	ASB Swift Copy.exe
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	649'216 bytes
First seen:	2021-04-01 05:24:53 UTC
Last seen:	2021-04-01 11:06:39 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'659 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep	12288:jiusb1d2ypcVwrk+vh6748E2Beg0SB72TPfUTCb/4UmjA:jBKT4CQHEAgDMTCb/Y
Threatray	47 similar samples on MalwareBazaar
TLSH	D8D4F162A3945762E57E477914311D2013F2FF25EF22FA0C7EA4B29E1AB6BC04763712
Reporter	fabjer
Tags:	exe SnakeKeylogger

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

ASB Swift Copy.exe

Verdict:

Malicious activity

Analysis date:

2021-04-01 05:32:47 UTC

Tags:

evasion trojan

Link:

https://app.any.run/tasks/620779b9-f32a-4993-80b5-0cd9241f054d

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Snake

Link:

https://www.capesandbox.com/analysis/130430/

Detection(s):

Win.Malware.Fareit-9802638-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Snake Keylogger

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/661589

Signature

.NET source code contains potential unpacker

Found malware configuration

Machine Learning detection for sample

May check the online IP address of the machine

Multi AV Scanner detection for submitted file

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file access)

Yara detected AntiVM3

Yara detected Beds Obfuscator

Yara detected Snake Keylogger

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f25c3db292a2970e0f9e4017f82b6089d8aa5c2c78377fb27922c88a82be74e2/

Threat name:

ByteCode-MSIL.Trojan.Woreflint

Status:

Malicious

First seen:

2021-03-31 18:55:09 UTC

AV detection:

16 of 29 (55.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=6jod3musuklq4d46ial7qk3arhmkuxbmpa3x7mtzeleivav6otra._file

Verdict:

unknown

SnakeKeylogger

586db0690d1fe17d41a23d8d06ad77bc62a01774b1792ea654c9fdcbe3bdbd1d

SnakeKeylogger

674b27aff16d272d81d002580257502c06f5f8d468141be2eef4386d51c91a99

SnakeKeylogger

9afbb7350fafda2e3e4e86047c929d7dc7023956ab54f073de2ba2e93d176329

SnakeKeylogger

a514741f5e99ded17c767b1159e98f86ae0b918fcff56f53d365e4744104f457

SnakeKeylogger

b4881cc38748284029b7008aaf75c0f1f85a4dcb70a61425e787325736c83f36

SnakeKeylogger

b821cdf6b8cdb33d9f033ef0c5d444aedb5767ddf8c1faa87c79d7e7193e6d32

SnakeKeylogger

cb15e1a8f3339acd45d00adabdffef0ed9f169f0df0080c7f373396c16652236

SnakeKeylogger

e972405e876cec1144ec48c09a4e8ffe7f1b01d81e08df7189a4a63069e41494

SnakeKeylogger

fd5bc14dfef4ce87d17e11189789c91c56212b2a46532d42a77f5ceb79620b99

SnakeKeylogger

+ 37 additional samples on MalwareBazaar

Result

Malware family:

snakekeylogger

Score:

10/10

Tags:

family:snakekeylogger keylogger spyware stealer

Link:

https://tria.ge/reports/210401-kjaj8x8prx/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Looks up external IP address via web service

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Snake Keylogger

Snake Keylogger Payload

Unpacked files

SH256 hash:

d436034270fb2d5380e4fcecc1ee6c821a1701aed96045fa13f597da16be08fb

MD5 hash:

00cbf73d8b9f03417a3a32957ec64ed4

SHA1 hash:

b862eff1cf240a5ad5325fd258892e534484a6e8

Link:

https://www.unpac.me/results/db7e9538-31af-4281-865d-9d76f6112fba/

SH256 hash:

f25c3db292a2970e0f9e4017f82b6089d8aa5c2c78377fb27922c88a82be74e2

MD5 hash:

6960d28f3c84b4257420cfddb2c75833

SHA1 hash:

b48d8fbcde1165758d96e80c0fe74575c9fc21c4

Link:

https://www.unpac.me/results/db7e9538-31af-4281-865d-9d76f6112fba/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Kryptik

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/f25c3db292a2970e0f9e4017f82b6089d8aa5c2c78377fb27922c88a82be74e2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

zip 1e5d4dfd192a0b6f0331eef416d427e09540df64bdd26f377eecf00d6be3e5fa

SnakeKeylogger

exe f25c3db292a2970e0f9e4017f82b6089d8aa5c2c78377fb27922c88a82be74e2

(this sample)

Dropped by

SHA256 1e5d4dfd192a0b6f0331eef416d427e09540df64bdd26f377eecf00d6be3e5fa

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/130430/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample