MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0201652520917243e47dbe8f9b2d32b4bb1764b9398426c097ea6d2e993a3750. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 12

Intelligence 12 IOCs YARA 4 File information Comments

SHA256 hash:	0201652520917243e47dbe8f9b2d32b4bb1764b9398426c097ea6d2e993a3750
SHA3-384 hash:	41cac10b4d1db78e1cf7a1d288b829271485c1fb2acf2652201754b0d775f0f8fa651a503707ddcd361f7b8f3c445ce0
SHA1 hash:	4f70b875b9fc669af12855dc1927a6f4b3f37baa
MD5 hash:	d8e00a1e0b3c1f231f9f5d511f056db5
humanhash:	seventeen-neptune-colorado-wyoming
File name:	0201652520917243e47dbe8f9b2d32b4bb1764b9398426c097ea6d2e993a3750
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	1'961'984 bytes
First seen:	2025-09-05 12:50:51 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	8e1ca82498002da7f4efcb6c1aab495b (1 x SnakeKeylogger)
ssdeep	49152:qr+xuu5Z1NqkJJMBDjaCKcshG/EoZpjvEQZW+XWTsHW:q6uwZxJJMBDjaCKxhG/EoZpjvEQZW+Xp
TLSH	T1B795723D9AB91127D0ADC2749BC48D2FF810993B3515BD29EBC247A91325AC375E223F
TrID	74.4% (.EXE) Win32 Executable Microsoft Visual Basic 6 (82067/2/8) 9.5% (.EXE) Win64 Executable (generic) (10522/11/4) 4.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 4.0% (.EXE) Win32 Executable (generic) (4504/4/1) 1.8% (.ICL) Windows Icons Library (generic) (2059/9)
Magika	pebin
Reporter	adrian__luca
Tags:	exe SnakeKeylogger

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

0201652520917243e47dbe8f9b2d32b4bb1764b9398426c097ea6d2e993a3750

Verdict:

No threats detected

Analysis date:

2025-09-05 17:30:09 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/69f9de42-7e57-483b-8a6d-27fd88ec9d90

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Snake

Link:

https://www.capesandbox.com/analysis/25467/

Verdict:

Malicious

Score:

90.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68badce5eb163e0ec1847e0e

Tags:

malware

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a window

DNS request

Connection attempt

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

crypt obfuscated threat visual_basic

Link:

https://www.filescan.io/uploads/68bae67137c25fcf12d4c4b6/reports/41f3c315-00a9-4a45-a666-72a2a6b5d61a/overview

Verdict:

Malicious

Labled as:

Tedy.Generic

Link:

https://www.hybrid-analysis.com/sample/0201652520917243e47dbe8f9b2d32b4bb1764b9398426c097ea6d2e993a3750

Verdict:

Malicious

File Type:

exe x32

First seen:

2025-08-18T02:19:00Z UTC

Last seen:

2025-08-18T02:19:00Z UTC

Hits:

~1000

Link:

https://opentip.kaspersky.com/0201652520917243e47dbe8f9b2d32b4bb1764b9398426c097ea6d2e993a3750/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/5ff02a7c-0416-47ac-8e02-bcc8afe212c5

Score:

95%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/0201652520917243e47dbe8f9b2d32b4bb1764b9398426c097ea6d2e993a3750

Verdict:

inconclusive

YARA:

5 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Visual Basic Visual Basic 6 Win 32 Exe x86

Link:

https://app.malva.re/file/d8e00a1e0b3c1f231f9f5d511f056db5

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0201652520917243e47dbe8f9b2d32b4bb1764b9398426c097ea6d2e993a3750/

Threat name:

Win32.Malware.Heuristic

Status:

Malicious

First seen:

2025-08-18 06:13:49 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

21 of 36 (58.33%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=aiawkjjasfzehzd5x2hzwljsws5rozfzhgccnqex5jws5gj2g5ia._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250905-qr1rkazydt/

Behaviour

Suspicious use of SetWindowsHookEx

System Location Discovery: System Language Discovery

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/0ebcb9d8-ea11-4a3a-9910-d365710cf5ef

Unpacked files

SH256 hash:

0201652520917243e47dbe8f9b2d32b4bb1764b9398426c097ea6d2e993a3750

MD5 hash:

d8e00a1e0b3c1f231f9f5d511f056db5

SHA1 hash:

4f70b875b9fc669af12855dc1927a6f4b3f37baa

Link:

https://www.unpac.me/results/3c37b89b-21bb-4ceb-83c6-cd8b17edf9ff/

SH256 hash:

3b3d0f3c1cdef4420d445cde346b9a51757ced0a04d62dc8719f6040279719e0

MD5 hash:

d5dbf3f98736f5c13b37deb2480d02e1

SHA1 hash:

065ba04390174bf42d5929b0b1614b9251de7f3f

Link:

https://www.unpac.me/results/3c37b89b-21bb-4ceb-83c6-cd8b17edf9ff/

SH256 hash:

f16d6c55b649c1d25adcd2d8d9464cfdae7b5487c39df6b683ec5d564d1f3b71

MD5 hash:

94ccae0ba951db1641b93df5b2151592

SHA1 hash:

603e2211be99db3dc7c1a005a5290125d1d2d001

Detections:

win_404keylogger_g1

snake_keylogger

MAL_Envrial_Jan18_1

INDICATOR_SUSPICIOUS_Binary_References_Browsers

INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients

INDICATOR_SUSPICIOUS_EXE_DotNetProcHook

MALWARE_Win_SnakeKeylogger

Link:

https://www.unpac.me/results/3c37b89b-21bb-4ceb-83c6-cd8b17edf9ff/

Parent samples :

b9fc45e7dce50f5e1c620d0f42120c3dd4f2ecc309d2b299e3599e06bfded85f
4202f9550135e4c30d032ff81637ce43a539620da33cb5b7c7ea07c4555e7033
3ca0de0f3ea53b9254aea3c5fe9e604e189236b2c918096acf837583f9205587
6bfefb0f3b8a878aec69c3d830824c3bf7d5181ffd6d6e88dc4a8d793370c233
2ef20b579a88f614a0e4235fce18ebc6a8dc2c0e73f3d152826ff173a963a44a
16cdb69b5e6d2903d654ffced05bd03d303587db0f307137d8a588138a658b3d
bc50ae7aa9d0ebbabd5e6405dc7317b42e10f5559bb8e0e422c7b9ca5d38e231
81467731cad7caa88c63f9cc0949efd53c6e0853eda90cab81993a2e567de8cd
144c0630ec23ef25922d5af40c7754cc00c7e35df7ec0faf1fba807e36401f1b
0201652520917243e47dbe8f9b2d32b4bb1764b9398426c097ea6d2e993a3750

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/0201652520917243e47dbe8f9b2d32b4bb1764b9398426c097ea6d2e993a3750

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_AllMal_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.

Rule name:	SEH__vba Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/25467/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample