Virus

MSIL/Snake.KEY!tr.dldr

Analysis

MSIL/Snake.KEY!tr.dldr is a detection for a trojan.
Below are some of its observed characteristics/behaviours:

This malware has been associated with the KrakenKeylogger malware family.

This malware attempts to connect to https://file.kouke[removed]nizcg.dat to download the next payload.
- At the time of analysis, the domain/url is no longer accessible.

This malware may steal user credentials by logging the keystrokes of the infected system.

Below are some of the sites associated with the trojan:
- https://file.kouke[removed]nizcg.dat

Following are some of the exact file hashes associated with this detection:
- Md5: d067b738465ca2bc63c011d9cce8a09e
  Sha256: 751b3411e92b05d3b837983c8996dace4d0258facc577f6e201f3c7d23792190

Recommended Action

Make sure that your FortiGate/FortiClient system is using the latest AV database.
Quarantine/delete files that are detected and replace infected files with clean backup copies.

Detection Availability

FortiGate
Extended
FortiClient
Extreme
FortiAPS
FortiAPU
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR

Version Updates

Date	Version	Detail
2024-10-03	92.07756
2024-08-06	92.06378

ID	10187622
Released	Aug 06, 2024
Description Updated	Aug 06, 2024
Aliases	MSIL/TrojanDownloader.Agent.RBA trojan,Trojan[Spy]/MSIL.SnakeLogger
Platform Profile	Microsoft Intermediate Language (used for MSIL compiled binaries)
Profile Type	Trojan Downloader (tr.dldr)