MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe7df92181e76423cacfe97a95fca017a027f3dc5c00822389614cd1f6492a76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fe7df92181e76423cacfe97a95fca017a027f3dc5c00822389614cd1f6492a76
SHA3-384 hash: 0c9776c909786c47338800928cf958d340d46376aa3a63db3617511c47578d67b2d5a8fc5c745cc305e29939f58baa2b
SHA1 hash: 6216d7952c43211d569661e19a3d2113c1791ccd
MD5 hash: 3bab5a83ae6ad5c2db06ab7cd93ef41d
humanhash: lion-fix-golf-music
File name:Purchase Order.rar
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:480'964 bytes
First seen:2021-02-11 14:43:31 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:RyR+HQW6hGww0sm7lueFx9KSyOO58tctGjh4Vvz:RyR+wby0sm7luex5yOOOiAhmvz
TLSH 5CA423761B33FA6F40325A247B23E3D5993784C8E781A932D43CCB67D1E6921EDD0982
Reporter abuse_ch
Tags:rar SnakeKeylogger


Avatar
abuse_ch
Malspam distributing SnakeKeylogger:

HELO: rexnordindia.co.in
Sending IP: 103.99.1.142
From: info@rexnordindia.co.in
Subject: Re; Purchase Orders
Attachment: Purchase Order.rar (contains "Purchase Order.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
170
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25065.RarHeur.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fe7df92181e76423cacfe97a95fca017a027f3dc5c00822389614cd1f6492a76/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-02-11 14:53:50 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7z67simb45schswp5f5jl7fac6qcp464lqaiei4jmfgnd5sjfj3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fe7df92181e76423cacfe97a95fca017a027f3dc5c00822389614cd1f6492a76

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

rar fe7df92181e76423cacfe97a95fca017a027f3dc5c00822389614cd1f6492a76

(this sample)

SnakeKeylogger

Executable exe 7d66022b23aa84304657d92e2594f56331036896d42538a6aed0f24c9db6ded9

  
Dropping
MD5 7f973c2c37a9e858e167b5051cab9bcf
  
Dropping
SnakeKeylogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7d66022b23aa84304657d92e2594f56331036896d42538a6aed0f24c9db6ded9

Comments