MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2b6244c2e12402f4f929565d33f3dea77d491f9f12df825efa9823c4b73a1d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	f2b6244c2e12402f4f929565d33f3dea77d491f9f12df825efa9823c4b73a1d3
SHA3-384 hash:	c4a17d23c7bf8711361fbc8b25555a972a7bcf02a86038b775a45f30a35f4d3ae938bb41136cf7a7a712d0d67c831c4a
SHA1 hash:	81c50de168d0cc9c69dc18a0db374912d60a819c
MD5 hash:	3d2cf2f0028bac1554865e4e1a63e105
humanhash:	magazine-black-skylark-potato
File name:	Орден Alphagrissin.img
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	677'888 bytes
First seen:	2021-02-23 15:57:59 UTC
Last seen:	2022-04-19 20:15:43 UTC
File type:	img
MIME type:	application/x-iso9660-image
ssdeep	12288:bCbYQjoiuZ3JLCDpyXuD0yGykyvyWyLykyxN7pJVAZnrezn:bCbYQjoBZ3JLCU3yGykyvyWyLyky/pJM
TLSH	D7E4E1CF34528DAAE814D5FF6CA9C3B5736BB6D5012A73B8325D42C90B2BC7C718A614
Reporter	abuse_ch
Tags:	geo img SnakeKeylogger UKR

abuse_ch

Malspam distributing SnakeKeylogger:

HELO: s1.hostservers.com.au
Sending IP: 110.232.113.199
From: Роман Романченко <r.romanchenko@alphagrissin.ua>
Subject: Alphagrissin Замовлення на придбання
Attachment: Орден Alphagrissin.img (contains "Орден Alphagrissin.exe")