MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4aa9147ef6404e280e038adaa42f11c4cff8492f59d2f823e30304acf5cf066. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 12


Intelligence 12 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f4aa9147ef6404e280e038adaa42f11c4cff8492f59d2f823e30304acf5cf066
SHA3-384 hash: 82d1a4b31d72a346c256d1f27c3819d87fc97a9856d1b7640ae22a9e663edaf2511027e78318f72eb5c747d95cbe3fc4
SHA1 hash: a4b5f0fa044be21f7f75c88c2936144c758b4ea3
MD5 hash: 429575355f8acb95d59b345fba264ff1
humanhash: uncle-virginia-hydrogen-kilo
File name:429575355f8acb95d59b345fba264ff1.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:855'040 bytes
First seen:2023-02-14 16:32:07 UTC
Last seen:2023-02-14 18:36:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'648 x AgentTesla, 19'452 x Formbook, 12'201 x SnakeKeylogger)
ssdeep 12288:dBHnyJf6ojz7prCIy19mZdaYlbe4YObIh+SpiB1Bzb9:dBHaf6ojxrCh4dZbjQiBD3
Threatray 6'928 similar samples on MalwareBazaar
TLSH T1A105B23CD9B82D2B8273E57AEAC5F417FA9048C6771D9D9F81C2AB410642513BC9BC2D
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10523/12/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4505/5/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter abuse_ch
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
2
# of downloads :
198
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
429575355f8acb95d59b345fba264ff1.exe
Verdict:
Malicious activity
Analysis date:
2023-02-14 16:48:19 UTC
Tags:
evasion trojan snake keylogger
Link:
https://app.any.run/tasks/505eca45-0bd2-4b4b-9bce-5ce9c57c83e4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Snake
Create hunting rule
Link:
https://www.capesandbox.com/analysis/365850/
Detection(s):
SecuriteInfo.com.Win32.RATX-gen.10887.9836.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a window
Gathering data
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/f4aa9147ef6404e280e038adaa42f11c4cff8492f59d2f823e30304acf5cf066
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/7cd9f284-aaa2-4fdf-bc6c-4619d1f349ed
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1175522
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f4aa9147ef6404e280e038adaa42f11c4cff8492f59d2f823e30304acf5cf066/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-02-14 16:33:06 UTC
File Type:
PE (.Net Exe)
Extracted files:
6
AV detection:
15 of 26 (57.69%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6svjcr7pmqcofahahcw2uqxrdrgp7bes6wos7ar6gayevt246bta._file
Verdict:
malicious
Similar samples:
0cc2e5b30e63a14392a667b12c238c794eba4d2e6bc8f581319baf1e0efe537b
SnakeKeylogger
0ed9aff27c95fc0b9915bcf964e5e08f0e4b9159bd4ed39cc2a3be64503ae27c
SnakeKeylogger
20e933700e0a43d79aafad13d07f388775fbc82d732dd00b8eefadaf07b1397f
SnakeKeylogger
4dd10f8112c4a81bd3904fb8eda3afb7cda488b448479e5e26e36e2c1038fc7f
SnakeKeylogger
73493f393423de3502be624402e63b53216a91ec15cb5ab1357661a75c2ad29e
SnakeKeylogger
9b99bfeaca81fa2a9b5f525bd35d6f7f87866a65970f3fcde51085401e51e4d5
SnakeKeylogger
cc59aa1e7c1791f184e0725ba1e86bfe1d636761bd640aed519e1eb1c81161b1
SnakeKeylogger
d1c140e8da159c5e1b62ef8707661a39fbe891438a417d41337119845b07ccbb
SnakeKeylogger
d85e746a22444825e6140beed538bf5ffd680b30c2458f68605a4b1efc58b591
SnakeKeylogger
fe54c0b2d2bb05070d5b4b683bcb03d4cb2ef7cbd071f8dd9a8d6050ab6b165e
SnakeKeylogger
+ 6'918 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger collection keylogger spyware stealer
Link:
https://tria.ge/reports/230214-t2hwaaef56/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger payload
Unpacked files
SH256 hash:
972f778e711b32dc63bd440d1264ec6d4a3699c26fe070b3e9d208220ff27258
MD5 hash:
d823d2b12aa6792693cbfaa1d7196fe0
SHA1 hash:
c4293250e6f9a7a64a1709142c050dc2b8d342b2
Link:
https://www.unpac.me/results/b5f9840c-a4ed-4506-b47c-cf92a636f9f1/
SH256 hash:
d06df7395d561e198f9b7c5481567116ff2e4c2e84437c018d2a2c8ea6c4ca37
MD5 hash:
0fb6061f7d37424fb9e6d0e76b019c19
SHA1 hash:
98a64bf7b459f032d6ec5793003bf61b5ae1dd74
Link:
https://www.unpac.me/results/b5f9840c-a4ed-4506-b47c-cf92a636f9f1/
Parent samples :
495607b1aef01bf7dfb64b5cb16a8fc0f161c2923627d71c69de97328f8eca3f
2434aa78b46a3afc98fa6e888c3eb56278ba52b0ff800e7e875af9c2e7f9011a
SH256 hash:
46cb32256dba295b72212185d3bf29e54de9f78fe32a8e43c82288285c3bf721
MD5 hash:
453d8d23d417dacecac4ad0235d2b420
SHA1 hash:
6aaffef79f32f151aef9d5c548ac9055ea6c2f35
Link:
https://www.unpac.me/results/b5f9840c-a4ed-4506-b47c-cf92a636f9f1/
SH256 hash:
434f7beb0652436a07c14dbba4c9b4bf6f72fd76c1ca029ab0f0fed15a254e52
MD5 hash:
3180945822acfcefce6fbebb2a9ff21a
SHA1 hash:
5672ebf09e639a72d542ffba23e7d0646990b790
Detections:
snake_keylogger
Create hunting rule
Link:
https://www.unpac.me/results/b5f9840c-a4ed-4506-b47c-cf92a636f9f1/
Parent samples :
ba0f2bf7248cea3c02252babbff583a8d5ddfb362027a8fc765da01eec3f710a
9aade5a05dc88e4e48630d86d043c842664c7bbed4db05277d6a47eea00f6895
1d60a5327938b43221143648d5cc423e8962e88c269eac87db52df8bea141f84
01856301804ce957c8ad34242cc6616a26fb17a245e65f7507d36aea4d54692f
3ca281f64c837dc8bbee64ae5936d802aeb5899d900efc3265e3a57b3bd2b3f1
20e933700e0a43d79aafad13d07f388775fbc82d732dd00b8eefadaf07b1397f
4dd10f8112c4a81bd3904fb8eda3afb7cda488b448479e5e26e36e2c1038fc7f
e175719a9c226b9ef410b3ec21354f6efc4d7d540825f4fa9f2a62912d97cdb9
fe54c0b2d2bb05070d5b4b683bcb03d4cb2ef7cbd071f8dd9a8d6050ab6b165e
d1c140e8da159c5e1b62ef8707661a39fbe891438a417d41337119845b07ccbb
f4aa9147ef6404e280e038adaa42f11c4cff8492f59d2f823e30304acf5cf066
0ed9aff27c95fc0b9915bcf964e5e08f0e4b9159bd4ed39cc2a3be64503ae27c
6b55f0249f0db4e5fd6732e70f87513cc463545e952e23974cc612b94178922d
4bae43ed39ce2256e4125bbb217fe624635e1fe4e7a9d662be36d15ec3d0d660
b435ddbddc244cca3d3e085176a95ba87705b64952b074093f0a2e0837214179
03372b5bc8f3150c3698ebb6f356c11ffec8e23961e8d32b0c7ccb4ee5742636
91610b66796ef670692c7bb27a8cbe16a226bbb78de688dfc66b907a85db9f43
111fa339c4b6d5e0e08f4f51acfa1fc0a9a2b70f1ba3bedfbda1af5a3d030060
a1f20e7eb5cf78dfec6c0a2103ebff1e9809f2205f5f2098acb1cabed20960bd
ff3f3b2ca9862a3effd4e7f4410f4fbb2e7004ae87860aed3a3015e38cd7349e
8388492bd6a2522d657998b29b8d1e152275eebfb5ddb648ae15e3a1e42b4ecb
SH256 hash:
dea2c07cb16a39a8ffd76e1f43094f9235e8fb982dcef729c6cac5cb6a34cca7
MD5 hash:
5413c5f1b5600e8b4b88695a2ceb371f
SHA1 hash:
14395aa637acbe091bb885d96e98a6d75bda67bf
Link:
https://www.unpac.me/results/b5f9840c-a4ed-4506-b47c-cf92a636f9f1/
SH256 hash:
f4aa9147ef6404e280e038adaa42f11c4cff8492f59d2f823e30304acf5cf066
MD5 hash:
429575355f8acb95d59b345fba264ff1
SHA1 hash:
a4b5f0fa044be21f7f75c88c2936144c758b4ea3
Link:
https://www.unpac.me/results/b5f9840c-a4ed-4506-b47c-cf92a636f9f1/
Malware family:
SnakeKeylogger
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/f4aa9147ef64/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.45
Link:
https://yomi.yoroi.company/submissions/f4aa9147ef6404e280e038adaa42f11c4cff8492f59d2f823e30304acf5cf066

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SnakeKeylogger

Executable exe f4aa9147ef6404e280e038adaa42f11c4cff8492f59d2f823e30304acf5cf066

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2322915/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/365850/

Comments