MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f480c3f483f8cbb50de83acc933eedc4d9f30e56cffbad1ae4aaca046791f029. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f480c3f483f8cbb50de83acc933eedc4d9f30e56cffbad1ae4aaca046791f029
SHA3-384 hash: f4f012c67750873520e09240920763e21bc3cfd90a590a0846f24c51c1f0df2aa50f3af9a5436ddde8ddab33c68753b1
SHA1 hash: 2f5ed5add175126c00c076832c3f6e4170a24304
MD5 hash: af3e875121ce519121930ebec4d689bb
humanhash: fish-nebraska-washington-pip
File name:Shipping Documents Original BL, Invoice Packing List.img
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:1'507'328 bytes
First seen:2021-02-16 06:44:23 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:m+9ZQeMbopAuK7TKKXY3CSz/2MW1tjHc:JQeMbqOKKI1O51Hc
TLSH 55657B5B22946FA6FC7DA3791170843087F3B82BE770D99D7EC420EA2563F84C691E46
Reporter abuse_ch
Tags:DHL img SnakeKeylogger


Avatar
abuse_ch
Malspam distributing SnakeKeylogger:

HELO: fi.fiercegauge.live
Sending IP: 45.95.168.180
From: DHL | Global | Forwarding<dispatch@dhl.com>
Reply-To: DHL SHIPMENT <gana@ysu.am>
Subject: LAST REMINDER: DHL Shipment Notification for sales.
Attachment: Shipping Documents Original BL, Invoice Packing List.img (contains "Shipping Documents Original BL, Invoice & Packing List.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.FileRepMalware.24042.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f480c3f483f8cbb50de83acc933eedc4d9f30e56cffbad1ae4aaca046791f029/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-02-16 06:45:14 UTC
AV detection:
7 of 47 (14.89%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6samh5ed7df3kdpihlgjgpxnytm7gdswz7522gxevlfaiz4r6auq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f480c3f483f8cbb50de83acc933eedc4d9f30e56cffbad1ae4aaca046791f029

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

img f480c3f483f8cbb50de83acc933eedc4d9f30e56cffbad1ae4aaca046791f029

(this sample)

SnakeKeylogger

Executable exe b9f2863fa3e07c6c02defa3f19574f71118fcdbb37b1f4292088226319da3a78

  
Dropping
MD5 b6865cc5aee69be1f13020c282fa8fbc
  
Dropping
SnakeKeylogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b9f2863fa3e07c6c02defa3f19574f71118fcdbb37b1f4292088226319da3a78

Comments