MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ffec3662128511dd4bf4f888f811db98d6e5ae7764b6acf3cc445bc7f943698e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 9


Intelligence 9 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ffec3662128511dd4bf4f888f811db98d6e5ae7764b6acf3cc445bc7f943698e
SHA3-384 hash: d12de71540e08b6151a7aeece9e0f4e6401ac7f7ba1949a3397abf629bd05eb4b0ddcb176f6e3cdf50ed150cf1cb52c5
SHA1 hash: 4e0ac8ebcd4f43c333851c41fa2cb647dc7a0ef8
MD5 hash: c86d658e947213a3b230342ecc1de152
humanhash: burger-ink-island-floor
File name:FATURA.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:1'116'672 bytes
First seen:2021-03-16 13:44:57 UTC
Last seen:2021-03-16 15:37:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:bQ4cKPX54k5v6Dd86gmqAImdcd0MfkFShaA90ysIpSQfiLn7OcS1:95/5v6J8zmqA/pekefeu
Threatray 12 similar samples on MalwareBazaar
TLSH A0358C12E694AB70F03973754432133183FDAD0A9626E7BD7D8831DA09B56C186F7EB2
Reporter James_inthe_box
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
2
# of downloads :
142
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
FATURA.exe
Verdict:
Malicious activity
Analysis date:
2021-03-16 13:55:25 UTC
Tags:
evasion trojan
Link:
https://app.any.run/tasks/dc37af89-803a-4427-b6e3-b98c1cb13402

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.580.20959.12768.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/202fb748-7ce8-48f4-bc5c-3c023467c70a
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/640772
Signature
.NET source code contains potential unpacker
Found malware configuration
Injects a PE file into a foreign processes
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AntiVM3
Yara detected Beds Obfuscator
Yara detected Snake Keylogger
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ffec3662128511dd4bf4f888f811db98d6e5ae7764b6acf3cc445bc7f943698e/
Threat name:
ByteCode-MSIL.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2021-03-16 09:21:54 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=77wdmyqsqui52s7u7cepqeo3tdlolltxms3kz46mirn4p6kdngha._file
Verdict:
unknown
Similar samples:
02cd534cf863894a7f2fc488ba077a5e95d31bdddea93de4019c7a9159ac1375
SnakeKeylogger
1857e9e122dd752766c9092043606a957e4e9d56d3ea043b63053054285c1cb4
SnakeKeylogger
65b6cc575eac7e69ccec2d892f7abd25965a301c4b02a7d82a977918edf3b16c
SnakeKeylogger
703170d16b28086934737a474038f62654f595f1f5b30b0115806187022d1df6
SnakeKeylogger
80d3f66ba9b603c7f90d3303718763b736e8cfa76f676ff4a57db67b96610dc6
SnakeKeylogger
aa9692c1769e25297176b847f4274570c56c4d74f4577608bd036e72d82d5bdb
SnakeKeylogger
b5f0e20f9980ba833f56a6bbe1e0e3deea46e566c0eab83a473c4705e2b295d6
SnakeKeylogger
b903be7c680d5eb78f951c7e1743b53e0cdfae05e19fa6fe7e77c84c29df1156
SnakeKeylogger
c9b11315a65d68d5577ca5b762e4d5d16f660b1ffde12cd5192c9717747a63ca
SnakeKeylogger
f782d415e7975acdf521b8a92ceb1e1f5c51c030dfdfdf5d798ad381003ed1bf
SnakeKeylogger
+ 2 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger keylogger spyware stealer
Link:
https://tria.ge/reports/210316-bcakrj3jce/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger Payload
Unpacked files
SH256 hash:
2b43013edb5706a946f4e523a1a219b31fe2a7e05c48884c048882b3c1327655
MD5 hash:
b7159eb14fe565d4e233604b629bbd8a
SHA1 hash:
64f82c67e6c7cbc078141162a49bffcee3d9ebb9
Link:
https://www.unpac.me/results/040456ad-7407-4c2a-abdd-a9b46e9bcbcd/
SH256 hash:
ffec3662128511dd4bf4f888f811db98d6e5ae7764b6acf3cc445bc7f943698e
MD5 hash:
c86d658e947213a3b230342ecc1de152
SHA1 hash:
4e0ac8ebcd4f43c333851c41fa2cb647dc7a0ef8
Link:
https://www.unpac.me/results/040456ad-7407-4c2a-abdd-a9b46e9bcbcd/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/ffec3662128511dd4bf4f888f811db98d6e5ae7764b6acf3cc445bc7f943698e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector
Create hunting rule
Author:ditekSHen
Description:Detects executables packed with ConfuserEx Mod Beds Protector
Rule name:Keylog_bin_mem
Create hunting rule
Author:James_inthe_box
Description:Contains Keylog
Rule name:MALWARE_Win_SnakeKeylogger
Create hunting rule
Author:ditekSHen
Description:Detects Snake Keylogger

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments